Adobe Issues Critical Patch for Flash, Again

Flash may be well on its way to extinction, but that doesn?EU?t mean it can?EU?t still inflict more damage before it goes. The famously vulnerable software is getting yet another emergency patch from parent company Adobe to protect users from a slew of exploits, at least one of which has already been observed in the wild and could allow an attacker to hijack a user's system.

The vulnerabilities affect a number of different operating systems, including Windows, Macintosh, Linux, Android, iOS, and Chrome OS. The update includes patches for a variety of problems, five of which Adobe rated as ?EU?critical,?EU? its highest priority ranking.

Critical vulnerabilities include those which, if exploited, would allow malicious native code to execute, potentially without the knowledge of a user, according to Adobe. Users can go to the Adobe Web site to verify which version of Flash Player they're running and upgrade to the latest version.

The Long List of Security Flaws

As bad as that sounds, the alert is only one in a litany of warnings Adobe has had to issue regarding the faulty software. Late last year, the company issued a similar warning about another set of critical security problems with Flash.

A week before Adobe sounded that alarm, hackers had exploited a Flash vulnerability to attack the AOL Ad Network with a nasty bit of malvertising, online advertising that spreads malware. The attack affected popular Web sites such as the Huffington Post, GameZone and LA Weekly. Ads hosted on those sites from an AOL ad network redirected visitors to a site that exploited a Flash bug to download a Trojan onto users computers..

At least one of the vulnerabilities described in Adobe's latest security alert is already "being used in limited, targeted attacks" by hackers in the wild, so users are encouraged to patch...

Comments are closed.