Apple Closes iSight Security Hole
Gruber Duckie writes "Apple's security update 2006-008, posted yesterday, is a little more interesting than it sounds. According to information (and a demo!) posted at Macslash the "information leak" mentioned in Apple's advisory actually makes it possible for a web site to send whatever your (isight) web cam sees up to the server. I'm glad they fixed this quickly."
Look, I know you like Macs, like Apple etc. It's a running theme whenever I see your posts. However, it's perfectly feasable to (say) buy a Flash advert slot on a widely used network then have the Flash movie inject an invisible java applet into the page using its DOM integration (if you even want to get that fancy). Java applets are designed to be loaded and run automatically, that's why they have this secure sandbox model that Apple went and violated in the classic fashion of integrating all its OS components with the web browser. If a Java applet can record what your camera sees that is a HUGE deal. It cannot simply be blown off like that!