February 27, 2013
Adobe Updates Flash Yet Again
Michael Harper for redOrbit.com — Your Universe Online
Yesterday, Adobe released yet another security update for Flash, the third such security update this month. This patch reportedly repairs a vulnerability that has recently been exploited in the wild. The exploit causes computers to crash and could even give hackers the ability to access these machines and take them over. Adobe is advising Mac and Windows users -- particularly those who use Firefox -- to download the latest patch in the next 72 hours.
Hackers have been targeting users with the faulty versions of Flash with attacks designed to get the user to click a dirty link. This link then leads the user to a Web site serving malicious Flash content. One of these attacks specifically targets Firefox users.
These fixes have been assigned a priority one rating, the highest threat level, and Adobe claims these vulnerabilities are currently being targeted and have a high possibility of being targeted going forward.
Those Linux users running Flash are also encouraged to download the latest patch, though this fix has been assigned a priority three rating. According to Adobe, Linux users have not “historically“¦been a target for attackers."
The following versions of Adobe Flash are affected by this latest security threat that will be fixed with this new patch:
- Adobe Flash Player 11.6.602.168 and earlier versions for Windows
- Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh
- Adobe Flash Player 22.214.171.1240 and earlier versions for Linux
Users should check their 'About Flash' page or right click any flash content to see which version of Flash they have installed. From here, users will be able to install the latest version. Adobe also warns users with multiple browsers will need to install the newest version of Flash for each browser. Once the installation is complete, Adobe suggests checking the Flash version once more to ensure users are running the most current version of Flash.
Yesterday´s update is the third Adobe has shipped in the month of February alone. Earlier in the month, Adobe shipped an update which fixed a zero-day exploit vulnerability. Hackers were actively taking advantage of this vulnerability and launching malware attacks against Flash users. Similar to the most recent threat, hackers would mislead users to infected Web sites with the dirty flash content installed. According to ZDNet, a separate flaw would also trick users into opening up a dirty Microsoft Word document that contained malicious flash content.
A second attack from earlier this month specifically targeted Mac OSX users.
Last week, Adobe released a patch for Adobe Reader after a vulnerability had been found which allowed hackers to remotely hijack computers.
Apple and Flash have had a rocky history, complete with a scornful missive penned by Steve Jobs about the many troubles of Flash. Soon after, Apple began shipping their computers without Flash pre-installed, leaving it up to the user to install Flash on their own.
Loved and loathed Apple pundit John Gruber even wrote a handy guide for Mac users looking to live a Flash-free lifestyle.