Jump to content

Adobe Update Nixes Flash Player Zero Day - Update Immediately


ShyWriter

Recommended Posts

.

Adobe Update Nixes Flash Player Zero Day

 

by Brian Krebs | April 28, 2014

 

Adobe Systems Inc. has shipped an emergency security update to fix a critical flaw in its Flash Player software that is currently being exploited in active attacks. The exploits so far appear to target Microsoft Windows users, but updates also are available for Mac and Linux versions of Flash.

 

brokenflash-a.png

 

The Flash update brings the media player to v. 13.0.0.206 on Windows and Mac systems, and v. 11.2.202.356 for Linux users. To see which version of Flash you have installed, check this link.

 

IE10/IE11 and Chrome should auto-update their versions of Flash. If your version of Flash on Chrome (on either Windows, Mac or Linux) is not yet updated, you may just need to close and restart the browser.

 

The most recent versions of Flash are available from the Adobe download center, but beware potentially unwanted add-ons, like McAfee Security Scan). To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

 

In its advisory about this vulnerability, Adobe said it is aware of reports that an exploit for the flaw (CVE-2014-0515) exists in the wild, and is being used to target Flash Player users on the Windows platform.

 

Continue reading →

 

SOURCE: https://krebsonsecurity.com/2014/04/adobe-update-nixes-flash-player-zero-day/

 

/Steve

 

Link to post
Share on other sites

Whatever happened to that "next great thing", html5, that was going to replace Flash?

<rhetorical question>

 

Still, this was the first such "emergency" patch in quite a while.

I remember those bad old days -- not all that long ago -- shortly after Adobe bought Flash Player from Macromedia, when it was a crisis a week....

 

Sigh.

Link to post
Share on other sites

Brian Krebs needs to fix his site. There's some content loading from s.krebsonsecurity.com that is using a certificate that isn't intended for that subdomain. I can just click the button to accept the cert, but someone else I sent the link to said it wasn't loading (whether they were presented with an option to accept the cert and clicked decline or it was automatically rejected I do not know).

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.