Chuck Talking Tech / by Chuck Bienenfeld
February 5, 2014
Adobe has released an unscheduled update for its Flash media player due to a recently discovered critical vulnerability that may already be active on the internet.
The security flaw exists in Adobe Flash Player 12.0.0.43 and earlier versions for Windows and OS X and 11.2.202.335 and earlier versions for Linux, according to an advisory published Tuesday morning. Adobe rated the threat as “critical,” the company’s highest severity category.
“Adobe is aware of reports that an exploit for this vulnerability exists in the wild and recommends users update their product installations to the latest versions,” the Adobe advisory stated.
As reported on the Steve Gibson “Security Now” show, this exploit allows code, including malware, to be executed on a users system from sites running flash content. It appears that much of the malware is being delivered via ads on website which lure users to sites that make use of Flash. Steve noted that with today’s modern browsers ability to make use of HTML5 the need for Flash is diminishing. Also anyone use the no script plugin/extension would not have to worry about such a vulnerability (I have been using the no script plugin and will include this in an upcoming blog).
The update (version 12.0.0.44) for this threat is available on the Adobe site which can be found at:
http://get.adobe.com/flashplayer
Please remember to uncheck any toolbar or other offers listed on this site prior to clicking the “Install now” button.