"Although every browser and OS is theoretically susceptible to this attack, the process to activate the webcam requires multiple highly targeted clicks, which is difficult for an attacker to pull off," he notes. "I'm not sure how useful this technique would actually be in the wild, but I hope that Adobe fixes it soon so we don't have to find out."
According to CNET, a security hole exists in Adobe Flash which can allow websites to turn on webcams and microphones without the owner's knowledge. The quote above, from Feross Aboukhajideh, who discovered the problem, is not quite true. iOS is, of course, immune to Flash vulnerabilities.
Looks like Steve Jobs was right after all.
Sent from my iPad using iPF