System-seizing Flash attacks prompt security fix from Adobe

The company releases a security update for Flash to address a flaw that's being used by hackers to gain control of victims' machines.

A Flash vulnerability that's being exploited by hackers to gain control of victims' machines is the target of a security update released yesterday by Adobe.

"There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an e-mail message," Adobe said in a security bulletin.

"The exploit targets Flash Player on Internet Explorer for Windows only," Adobe said, but the company urged Mac, Linux, and Android users to update their versions of Flash as well. The company provided a link to help people determine which version of Flash they're running, and it listed which versions are vulnerable:

Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235. Flash Player installed with Google Chrome was updated automatically, so no user action is required. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9.

Android users can verify the version of Flash they're running as follows: go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.

For detailed information, including information on downloading a new version of Flash, see the security bulletin.

About the author

Edward Moyer is an associate editor at CNET News and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments