A man-in-the-middle technique may be used to exploit Flash Player to spy on a user via the webcam and microphone connected to his computer. Alexander Klink from the Fraunhofer Institute showed how to intercept communication between Flash Player and the Settings Manager. The Settings Manager is a simple Flash applet that is downloaded as a .swf file via HTTPS.
Klink showed that, using a man-in-the-middle technique, it is possible to inject a crafted applet into the user's machine that gives an attacker access to the user's webcam and microphone. The attacker may then transmit audio and video to any server.
source: Heise Online
07.09.2010