Adobe issues emergency update to fix cross-platform Flash exploitAdobe on Friday released a security bulletin that announced an emergency update that affects all versions of its Flash Player, though it seems the exploit is currently being used to target Windows PCs running Microsoft's Internet Explorer .
Dubbed an "object confusion vulnerability," the bug tricks a user into opening a malicious file sent in an email message which can cause Flash to crash, potentially giving the attacker control of the affected PC.
First reported by Microsoft Vulnerability Research, the bug resides in Flash Player code for Windows, Mac, Linux and Android, though Adobe claims that the exploit being used only targets Internet Explorer for Microsoft's OS. Users who installed Flash on Google Chrome are unaffected as the browser updated automatically.
"Adobe recommends users of Adobe Flash Player 126.96.36.199 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 188.8.131.52," Adobe said in the bulletin. "Users of Adobe Flash Player 184.108.40.206 and earlier versions on Android 4.x devices should update to Adobe Flash Player 220.127.116.11. Users of Adobe Flash Player 18.104.22.168 and earlier versions for Android 3.x and earlier versions should update to Flash Player 22.214.171.124."
While Windows users who have selected the "silent update" option will receive the update automatically, those who did not or are running Flash 10.3.x or later for Mac must manually install the fix from within the program. To verify that the latest version of Flash is installed, users must navigate to the "About Flash Player" page or right-click on content running Flash within a webpage. Each browser on a given computer should be checked.
On Topic: General
- Apple Stores suffering from 'cult' atmosphere, advancement barriers, says UK staffer
- This week on AI: New MacBook Pro rumors, Apple's answer to Echo, Apple Car charging & more
- Apple details efforts to ease environmental impact at Irish data center
- Jawbone said to end fitness tracker sales, may sell off speaker business [u]
- AirPort Extreme, Time Capsule pulled from U.S. Apple Stores