Upgrade patch looks to counter “critical vulnerability” in older versions of Flash Player
Adobe is urging users of its Flash Player software to install a new security update which it hopes will prevent hackers from exploiting what it calls a “critical vulnerability” (a zero-day flaw) found in the program.
In an emergency security bulletin released last night, the company explains that the update will address a major flaw that could potentially allow an attacker to remotely take control of the affected system.
“Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions,” an Adobe statement said.
The vulnerability affects users across Windows, Mac and Linux PCs, with Adobe giving the update a Priority 1 rating (where updates are advised to be installed as soon as possible) for users of the first two platforms, and a Priority 3 rating (meaning vulnerabilities that have not historically been targets) for the latter.
Customers not using the latest versions of Chrome or Internet Explorer will need to update their versions of Flash Player automatically, as previous editions of those browsers do not have Adobe’s software built in.
Craig Young, security researcher at Tripwire’s Vulnerability and Exposure Research Team, believes that this issue serves as a reminder to users to exercise proper care and attention with their browsers.
“This latest Flash zero-day serves as a good reminder of the reasons security professionals urge users to enable browser plugins only when necessary,” he said. “It is important to note that browsers such as Chrome and Internet Explorer have Adobe’s Flash technology ‘baked in’, making it necessary to explicitly disable it when not needed.”
This is the latest in a series of security setbacks to have affected the firm, which admitted last October that the usernames and encrypted passwords of 38 million of its active account holders had been stolen by hackers in a major attack. The source code for its Reader, Acrobat and Photoshop programs was also found to have been compromised during the attack, and users’ credit card details may also have been stolen.
Originally published on eWeek.