Flash zero-day exploit alert

Posted: February 5, 2014 in Security
Tags: , , , , , , , ,

Chuck Talking Tech / by Chuck Bienenfeld

February 5, 2014

Adobe has released an unscheduled update for its Flash media player due to a recently discovered critical vulnerability that may already be active on the internet.

The security flaw exists in Adobe Flash Player 12.0.0.43 and earlier versions for Windows and OS X and 11.2.202.335 and earlier versions for Linux, according to an advisory published Tuesday morning.  Adobe rated the threat as “critical,” the company’s highest severity category.

“Adobe is aware of reports that an exploit for this vulnerability exists in the wild and recommends users update their product installations to the latest versions,” the Adobe advisory stated.

As reported on the Steve Gibson “Security Now” show, this exploit allows code, including malware, to be executed on a users system from sites running flash content.  It appears that much of the malware is being delivered via ads on website which lure users to sites that make use of Flash.  Steve noted that with today’s modern browsers ability to make use of HTML5 the need for Flash is diminishing.  Also anyone use the no script plugin/extension would not have to worry about such a vulnerability (I have been using the no script plugin and will include this in an upcoming blog).

The update (version 12.0.0.44) for this threat is available on the Adobe site which can be found at:

http://get.adobe.com/flashplayer

Please remember to uncheck any toolbar or other offers listed on this site prior to clicking the “Install now” button.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s