The vulnerability, which is described by Adobe as an “object confusion vulnerability,” exists in the Windows, Mac, Linux and Android versions of the Flash Player. The vulnerability can be used to crash applications and take control of the affected system.
This vulnerability is already being exploited. Malicious files are being sent in email messages which target Flash Player on Internet Explorer for Windows.
While this attack is currently limited to the Windows platform, given the high-profile and highly successful Flashback attacks against Mac, which netted over 600,000 Macs into its botnet, it’s quite possible that we’ll see this attack being extended to OS X.
Android devices are not immune to malware either, so it’s wise to update those smartphones and tablets too.
It’s recommended that users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Mac and Linux update to Adobe Flash Player 11.2.202.235. You can do this by visiting Adobe’s Flash Player update portal.
If you’re a Windows user and you’ve updated the Flash Player in the past few weeks then it’s possible that you have a Flash Player version that will now automatically update in the background.
Flash Player installed with Google Chrome will be updated automatically, and no user action is required. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9.
For users who cannot update to Flash Player 11.2.202.235, Adobe has developed a patched version of Flash Player 10.x, Flash Player 10.3.183.19, which can be downloaded here.
Android users can get the Flash Player update from Google Play.
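The version guidance above can be applied across an inventory with a short check like the following. This is an added example, not Adobe's tooling; the host names and inventory rows are constructed, and it assumes that a desktop 10.x install is measured against the patched 10.x build. It compares versions field by field as numbers, because a plain string comparison would rank 11.2.202.96 above 11.2.202.235.

```python
# Added example: fixed builds are the ones named in the article.
DESKTOP_FIXED = (11, 2, 202, 235)     # Windows, Mac, Linux
DESKTOP_10X_FIXED = (10, 3, 183, 19)  # patched 10.x build
ANDROID_4_FIXED = (11, 1, 115, 8)     # Android 4.x
ANDROID_3_FIXED = (11, 1, 111, 9)     # Android 3.x and earlier

def parse_version(text):
    """Turn '11.2.202.96' into (11, 2, 202, 96) so fields compare as numbers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash Player version: {text!r}")
    return tuple(int(p) for p in parts)

def fixed_build(os_name, version, android_major=None):
    """Return the fixed build that applies to this install."""
    os_name = os_name.lower()
    if os_name in ("windows", "mac", "linux"):
        # Assumption: a 10.x install is measured against the patched 10.x build.
        return DESKTOP_10X_FIXED if version[0] == 10 else DESKTOP_FIXED
    if os_name == "android":
        if android_major is None:
            raise ValueError("android_major is required for Android")
        return ANDROID_4_FIXED if android_major >= 4 else ANDROID_3_FIXED
    raise ValueError(f"unknown platform: {os_name!r}")

def needs_update(os_name, flash_version, android_major=None):
    """Return (outdated, fixed build as text) for one install."""
    version = parse_version(flash_version)
    target = fixed_build(os_name, version, android_major)
    return version < target, ".".join(map(str, target))

# Constructed sample inventory: (host, OS, Flash version, Android major).
INVENTORY = [
    ("ws-01", "Windows", "11.2.202.233", None),
    ("ws-02", "Windows", "11.2.202.96", None),  # a string compare calls this newer
    ("mac-01", "Mac", "11.2.202.235", None),
    ("lab-01", "Linux", "10.3.183.18", None),
    ("tab-01", "Android", "11.1.115.7", 4),
    ("tab-02", "Android", "11.1.111.9", 3),
]

def outdated_hosts(inventory):
    """Return (host, fixed build) for every install older than its fixed build."""
    results = [(h, needs_update(o, v, a)) for h, o, v, a in inventory]
    return [(host, target) for host, (outdated, target) in results if outdated]

if __name__ == "__main__":
    for host, target in outdated_hosts(INVENTORY):
        print(f"{host}: update Flash Player to {target}")
```

Flash Player bundled with Google Chrome is not covered by this check, since the article notes it is updated automatically.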