Flash update fixes active exploits for both OS X and Windows

Two new zero-day vulnerabilities are addressed by the latest update to Adobe's popular Flash plug-in.

Java is not the only runtime that malware developers use to target victims of their attacks, and yesterday Adobe released an update to Flash that fixes two zero-day exploits in its popular Web plug-in software.

The two vulnerabilities in question affect both OS X and Windows systems, and allow malicious Flash content on Web sites to deliver malware to Macintosh systems via Firefox and Safari. The second vulnerability targets Windows users by tricking them into opening an e-mail attachment that contains the Flash-based exploit.

Adobe update options
Be sure to either have Adobe automatically install updates or notify you about updates that are available. Screenshot by Topher Kessler/CNET

These problems are considered critical, so if you have Flash enabled on your system (which most people likely do) then be sure to update it immediately; however, only do so via the official Flash Web page or through the Flash updater on your system, which may run automatically or can be invoked in the Flash Player system preferences for the latest versions of the software.

In addition to ensuring your Flash software is up to date, you might also consider limiting the amount of Flash content that is automatically allowed to run on your system. As with Java, Flash is yet another runtime that has its vulnerabilities and even though Adobe will keep on top of them with updates, it may be safest to only allow Flash content to run when needed. To do this, consider installing a plug-in manager for your browser such as ClickToFlash, ClickToPlugin, or NoScript that will require you activate each instance of the Flash plug-in that your browser is using.



Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

Featured Video
6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Is a 12.9-inch iPad Pro coming soon?

Apple may be getting ready to unveil the iPad Pro, iPad Mini 4 and a new Apple TV. Also, Google's Nexus refresh starts Sept. 29 and Tesla announces pricing on the Model X SUV.

by Jeff Bakalar