Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

New Flash flaw could let attackers control Macs, Adobe urges users to update

Adobe on Monday disclosed a new vulnerability in its Flash platform that may allow attackers to remotely take over and control Macs, PCs, and Linux machines and advised users to update their system as quickly as possible.

The bug affects Flash Player 13.0.0.201 and earlier on the Mac, Flash Player 13.0.0.182 and earlier on Windows, and Flash Player 11.2.202.350 and earlier on Linux. Adobe says that attacks exploiting this flaw have been discovered "in the wild," so users are strongly urged to apply the latest updates sooner than later.

Mac owners and those on Windows-based PCs should update to Flash Player 13.0.0.206, while users running Linux should update to Flash Player 11.2.202.356. Those using the versions of Flash installed alongside Google's Chrome browser or Microsoft's Internet Explorer 10 and 11 will receive updates automatically.

According to security firm Kaspersky Lab, the vulnerability — which received CVE number 2014-0515 — is "located in the Pixel Bender component, designed for video and image processing." Exploits seen in the field using this bug are somewhat unique, using slightly different code depending on the operating system being targeted.

This is the second remote execution bug to crop up in Flash this year. A similar flaw surfaced in February, also affecting all platforms.

Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu.



60 Comments

slurpy 15 Years · 5390 comments

Has there been a single week without a critical flash flaw? It seems like I get a warning every couple days on my PC. Why the **** isn't this technology dead yet? It's been long enough. Any website that still relies on flash for video, etc does not even deserve to exist, when most are accessing the web through mobile now. Half the sites I visit still say "missing plugin" for video on mobile devices. Disgusting. 

🎁
thewhitefalcon 10 Years · 4444 comments

Flash 13 didn't even work on my Mac, I couldn't use ANY Flash content. I had to downgrade to 12. They want me to update to 13 again? No thanks. Cant wait for Flash to die off entirely.

🎁
ceek74 12 Years · 324 comments

Strange.  A[nother] security vulnerability in Flash.  Didn't see that coming.

☕️
maestro64 19 Years · 5029 comments

Not sure how a video player and web player can allow someone to control access to your computer. Adobe must employ some of the worst programmers. Then again Adobe is not in the top paying in the valley and it shows in their products.