Adobe Updates Flash Player to Fix Critical Vulnerability
Adobe may have deprecated Flash in favor of HTML5, but that doesn’t mean everyone has stopped using it nor have hackers stopped looking for vulnerabilities.
Adobe released a new critical security on Thursday which fixes a zero-day flaw in Adobe Flash Player. According to the release notes, the vulnerability, could be exploited to "cause a crash and potentially allow an attacker to take control of the affected system".
Adobe says that the exploit is in use by hackers, and they’re not kidding. Apparently the vulnerability was identified by a researcher who found it in a malware toolkit last week:
The Angler exploit kit is one of the most popular crimeware kit and according to the French security researcher Kafeine it was enriched with a fresh Adobe Flashzero-day vulnerability. Kafeine has discovered a new variant of the Angler exploit kit that exploit three different vulnerabilities in Flash Player, including the zero-day flaw for the latest version of Flash (version 220.127.116.117) in several versions of Internet Explorer running on Windows 7 and Windows 8.
The security hole affects computers running Linux, OSX, and Windows, although the researchers have only identified the exploit being used against computers running Windows XP, 7, and 8. But since it’s already being actively exploited you’re definitely going to want update Flash Player.
If you have automatic updates enabled then Adobe will be rolling the update out to you. But just to be safe, you should probably check with Adobe and see if you have the latest version of Flash Player for your system.
According to this page, I’m good. Are you?
You can download the update here.
image by smswigart
Sarah Grendel January 26, 2015 um 1:29 pm
I’m confused. When I checked the link you give to identify my version of flash player, I’m told that I have 18.104.22.1686. Wouldn’t that be more advanced than the 16.0.087?
Nate Hoffelder January 26, 2015 um 1:39 pm
According to Adobe’s notice, x.296 is the version which has been patched. You already got the update.
Sarah Grendel January 26, 2015 um 1:57 pm
Super! Thanks for confirming.
Forbes Website Was Hacked in Targeted Attack on Its Visitors ⋆ Ink, Bits, & Pixels February 11, 2015 um 11:31 am
[…] Luckily the hackers were not interested in infecting everyone, but that doesn't change the fact that they were still able to use weak security on the Forbes website and a previously unknown Adobe Flash security hole to potentially infect millions of computers. (That Flash security hole, in case you were wondering, was patched in January.) […]