CNET también está disponible en español.

Ir a español

Don't show this again

The Mandalorian season 2 Apple One launch NASA's 'Greater Pumpkin' Spiders with legs that hear Google's Halloween Doodle game CDC on trick-or-treating risks Charlie Brown's Great Pumpkin

Flash update fixes active exploits for both OS X and Windows

Two new zero-day vulnerabilities are addressed by the latest update to Adobe's popular Flash plug-in.

Java is not the only runtime that malware developers use to target victims of their attacks, and yesterday Adobe released an update to Flash that fixes two zero-day exploits in its popular Web plug-in software.

The two vulnerabilities in question affect both OS X and Windows systems, and allow malicious Flash content on Web sites to deliver malware to Macintosh systems via Firefox and Safari. The second vulnerability targets Windows users by tricking them into opening an e-mail attachment that contains the Flash-based exploit.

Adobe update options
Be sure to either have Adobe automatically install updates or notify you about updates that are available. Screenshot by Topher Kessler/CNET

These problems are considered critical, so if you have Flash enabled on your system (which most people likely do) then be sure to update it immediately; however, only do so via the official Flash Web page or through the Flash updater on your system, which may run automatically or can be invoked in the Flash Player system preferences for the latest versions of the software.

In addition to ensuring your Flash software is up to date, you might also consider limiting the amount of Flash content that is automatically allowed to run on your system. As with Java, Flash is yet another runtime that has its vulnerabilities and even though Adobe will keep on top of them with updates, it may be safest to only allow Flash content to run when needed. To do this, consider installing a plug-in manager for your browser such as ClickToFlash, ClickToPlugin, or NoScript that will require you activate each instance of the Flash plug-in that your browser is using.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.