Save $100 on 8 MacBook Airs while supplies last: Apple Price Guides updated Apr 16th (use exclusive coupons, tax-free options to save hundreds)
 


Friday, May 04, 2012, 08:46 pm PT (11:46 pm ET)

Adobe issues emergency update to fix cross-platform Flash exploit

Adobe on Friday released a security bulletin that announced an emergency update that affects all versions of its Flash Player, though it seems the exploit is currently being used to target Windows PCs running Microsoft's Internet Explorer .

Dubbed an "object confusion vulnerability," the bug tricks a user into opening a malicious file sent in an email message which can cause Flash to crash, potentially giving the attacker control of the affected PC.

First reported by Microsoft Vulnerability Research, the bug resides in Flash Player code for Windows, Mac, Linux and Android, though Adobe claims that the exploit being used only targets Internet Explorer for Microsoft's OS. Users who installed Flash on Google Chrome are unaffected as the browser updated automatically.

"Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235," Adobe said in the bulletin. "Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9."


Adobe Flash Player Security

Source: Adobe


While Windows users who have selected the "silent update" option will receive the update automatically, those who did not or are running Flash 10.3.x or later for Mac must manually install the fix from within the program. To verify that the latest version of Flash is installed, users must navigate to the "About Flash Player" page or right-click on content running Flash within a webpage. Each browser on a given computer should be checked.