Friday, May 04, 2012, 08:46 pm PT (11:46 pm ET)
Adobe issues emergency update to fix cross-platform Flash exploitAdobe on Friday released a security bulletin that announced an emergency update that affects all versions of its Flash Player, though it seems the exploit is currently being used to target Windows PCs running Microsoft's Internet Explorer .
Dubbed an "object confusion vulnerability," the bug tricks a user into opening a malicious file sent in an email message which can cause Flash to crash, potentially giving the attacker control of the affected PC.
First reported by Microsoft Vulnerability Research, the bug resides in Flash Player code for Windows, Mac, Linux and Android, though Adobe claims that the exploit being used only targets Internet Explorer for Microsoft's OS. Users who installed Flash on Google Chrome are unaffected as the browser updated automatically.
"Adobe recommends users of Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 18.104.22.168," Adobe said in the bulletin. "Users of Adobe Flash Player 22.214.171.124 and earlier versions on Android 4.x devices should update to Adobe Flash Player 126.96.36.199. Users of Adobe Flash Player 188.8.131.52 and earlier versions for Android 3.x and earlier versions should update to Flash Player 184.108.40.206."
While Windows users who have selected the "silent update" option will receive the update automatically, those who did not or are running Flash 10.3.x or later for Mac must manually install the fix from within the program. To verify that the latest version of Flash is installed, users must navigate to the "About Flash Player" page or right-click on content running Flash within a webpage. Each browser on a given computer should be checked.
On Topic: General
- Samsung experts say Apple's patented features not valuable in trial
- Nike to reportedly exit wearables market, fires bulk of FuelBand team [u]
- Apple offers unclaimed WWDC tickets to select developers
- Briefly: Online Apple Store delays 24-hour ship times in Europe for Easter
- Samsung deal with Swiss clock maker portrayed as an affront to Apple