Flash update fixes active exploits for both OS X and Windows
Two new zero-day vulnerabilities are addressed by the latest update to Adobe's popular Flash plug-in.
Java is not the only runtime that malware developers use to target victims of their attacks, and yesterday Adobe released an update to Flash that fixes two zero-day exploits in its popular Web plug-in software.
The two vulnerabilities in question affect both OS X and Windows systems, and allow malicious Flash content on Web sites to deliver malware to Macintosh systems via Firefox and Safari. The second vulnerability targets Windows users by tricking them into opening an e-mail attachment that contains the Flash-based exploit.
These problems are considered critical, so if you have Flash enabled on your system (which most people likely do) then be sure to update it immediately; however, only do so via the official Flash Web page or through the Flash updater on your system, which may run automatically or can be invoked in the Flash Player system preferences for the latest versions of the software.
In addition to ensuring your Flash software is up to date, you might also consider limiting the amount of Flash content that is automatically allowed to run on your system. As with Java, Flash is yet another runtime that has its vulnerabilities and even though Adobe will keep on top of them with updates, it may be safest to only allow Flash content to run when needed. To do this,for your browser such as ClickToFlash, ClickToPlugin, or NoScript that will require you activate each instance of the Flash plug-in that your browser is using.