Adobe Issues Update for Critical Vulnerability in Flash Player for Mac and Windows

flash_player_10_mnemonic_no_shadow3

Yesterday, Adobe released a critical update for Flash Player that fixes a security vulnerability affecting Mac OS X, Windows, and Linux. 

The security flaw allows hackers to steal cookies that are used to authenticate users on many popular sites, including Twitter, Instagram, eBay, and Tumblr. If the attacker were to exploit this flaw on any computer, they would have access to and control your system and account. 

The flaw relies on specially-crafted SWF files that consist entirely of alphanumeric characters, which will be executed by Flash Player even though they are not valid Flash files. Those malicious files can take advantage of the special privileges granted to embedded objects on a web page, making cross-domain requests on behalf of a user and capturing returned data.

The bug was discovered by Google engineer Michele Spagnuolo. All users on Windows and Mac OS X should update to the latest version of Adobe Flash, version number 14.0.0.145. 

Many of the affected websites, including Instagram and Twitter, have started to patch the issue on their end. However, this does not guarantee that you are safe. 

Users are encouraged to install the update. The latest version of Flash Player can be downloaded from the Adobe Download Center

[via AppleInsider]

P.S. - Like our news? Support the site with a coffee/beer. Or shop with our Amazon link. We use affiliate links when possible--thank you for supporting independent media.