The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to cause victims to unknowingly click on a link or dialog via access control dialogs disguised as normal graphical elements, as demonstrated by hijacking the camera or microphone, and related to "clickjacking." Reference: BID:31625 Reference: URL:http://www.securityfocus.com/bid/31625 Reference: SECTRACK:1020996 Reference: URL:http://www.securitytracker.com/id?1020996 Reference: SECUNIA:32163 Reference: URL:http://secunia.com/advisories/32163
Adding in timeline for fix - this will be resolved in an upcoming Flash Player update before the end of October: http://blogs.adobe.com/psirt
I heard, this problem was fixed in 9.0.151.0 http://kb.adobe.com/selfservice/viewContent.do?externalId=kb406791&sliceId=2
This issue was addressed in: Red Hat Enterprise Linux Extras: http://rhn.redhat.com/errata/RHSA-2008-0945.html http://rhn.redhat.com/errata/RHSA-2008-0980.html