System-seizing Flash attacks prompt security fix from Adobe
The company releases a security update for Flash to address a flaw that's being used by hackers to gain control of victims' machines.
- Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
A Flash vulnerability that's being exploited by hackers to gain control of victims' machines is the target of a security update released yesterday by Adobe.
"There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an e-mail message," Adobe said in a security bulletin.
"The exploit targets Flash Player on Internet Explorer for Windows only," Adobe said, but the company urged Mac, Linux, and Android users to update their versions of Flash as well. The company provided a link to help people determine which version of Flash they're running, and it listed which versions are vulnerable:
Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235. Flash Player installed with Google Chrome was updated automatically, so no user action is required. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9.
Android users can verify the version of Flash they're running as follows: go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.
For detailed information, including information on downloading a new version of Flash, see the security bulletin.