Yesterday, Adobe released a critical update for Flash Player that fixes a security vulnerability affecting Mac OS X, Windows, and Linux.
The security flaw allows hackers to steal cookies that are used to authenticate users on many popular sites, including Twitter, Instagram, eBay, and Tumblr. If the attacker were to exploit this flaw on any computer, they would have access to and control your system and account.
The flaw relies on specially-crafted SWF files that consist entirely of alphanumeric characters, which will be executed by Flash Player even though they are not valid Flash files. Those malicious files can take advantage of the special privileges granted to embedded objects on a web page, making cross-domain requests on behalf of a user and capturing returned data.
The bug was discovered by Google engineer Michele Spagnuolo. All users on Windows and Mac OS X should update to the latest version of Adobe Flash, version number 220.127.116.11.
Many of the affected websites, including Instagram and Twitter, have started to patch the issue on their end. However, this does not guarantee that you are safe.
Users are encouraged to install the update. The latest version of Flash Player can be downloaded from the Adobe Download Center.