Flash update fixes active exploits for both OS X and Windows

Two new zero-day vulnerabilities are addressed by the latest update to Adobe's popular Flash plug-in.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
Topher Kessler
2 min read

Java is not the only runtime that malware developers use to target victims of their attacks, and yesterday Adobe released an update to Flash that fixes two zero-day exploits in its popular Web plug-in software.

The two vulnerabilities in question affect both OS X and Windows systems, and allow malicious Flash content on Web sites to deliver malware to Macintosh systems via Firefox and Safari. The second vulnerability targets Windows users by tricking them into opening an e-mail attachment that contains the Flash-based exploit.

Adobe update options
Be sure to either have Adobe automatically install updates or notify you about updates that are available. Screenshot by Topher Kessler/CNET

These problems are considered critical, so if you have Flash enabled on your system (which most people likely do) then be sure to update it immediately; however, only do so via the official Flash Web page or through the Flash updater on your system, which may run automatically or can be invoked in the Flash Player system preferences for the latest versions of the software.

In addition to ensuring your Flash software is up to date, you might also consider limiting the amount of Flash content that is automatically allowed to run on your system. As with Java, Flash is yet another runtime that has its vulnerabilities and even though Adobe will keep on top of them with updates, it may be safest to only allow Flash content to run when needed. To do this, consider installing a plug-in manager for your browser such as ClickToFlash, ClickToPlugin, or NoScript that will require you activate each instance of the Flash plug-in that your browser is using.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.