Monday, April 28, 2014, 09:58 am PT (12:58 pm ET)
New Flash flaw could let attackers control Macs, Adobe urges users to updateAdobe on Monday disclosed a new vulnerability in its Flash platform that may allow attackers to remotely take over and control Macs, PCs, and Linux machines and advised users to update their system as quickly as possible.
The bug affects Flash Player 126.96.36.199 and earlier on the Mac, Flash Player 188.8.131.52 and earlier on Windows, and Flash Player 184.108.40.2060 and earlier on Linux. Adobe says that attacks exploiting this flaw have been discovered "in the wild," so users are strongly urged to apply the latest updates sooner than later.
Mac owners and those on Windows-based PCs should update to Flash Player 220.127.116.11, while users running Linux should update to Flash Player 18.104.22.1686. Those using the versions of Flash installed alongside Google's Chrome browser or Microsoft's Internet Explorer 10 and 11 will receive updates automatically.
According to security firm Kaspersky Lab, the vulnerability — which received CVE number 2014-0515 — is "located in the Pixel Bender component, designed for video and image processing." Exploits seen in the field using this bug are somewhat unique, using slightly different code depending on the operating system being targeted.
This is the second remote execution bug to crop up in Flash this year. A similar flaw surfaced in February, also affecting all platforms.
Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu.
On Topic: General
- Apple opens iTunes donations for 'City of Hope' cancer charity, moves beyond natural disaster relief
- PayPal purportedly cut out of Apple Pay due to partnership with Samsung
- Pebble smartwatch gets $50 price cut, background tracking for fitness & sleep
- Microsoft looks to distance itself from Windows 8, jumps to Windows 10
- European Commission finds Ireland's tax deal with Apple amounts to illegal state aid