Friday, March 11, 2016

Adobe Flash vulnerability being exploited in the wild - update now

So everyone get patching:
Adobe has urged users to patch their Windows, OS X and Linux editions of Flash Player to address 23 security vulnerabilities, including one that is actively being targeted in the wild. 
The March update includes a number of fixes for vulnerabilities that could, if exploited, allow an attacker to remotely execute code on a targeted system simply by loading a malformed Flash file. In other words, visiting a booby-trapped webpage, or viewing a Flash ad, could inject malware into your computer. 
One of those flaws, CVE-2016-1010, is being used for what Adobe calls "limited, targeted attacks." 
Users running Flash Player 20.0.0.306 and earlier for Windows, OS X and Linux should look to update the software. 
Flash Player for Linux 11.2.202.569 and earlier and Adobe AIR Desktop Runtime and AIR SDK 20.0.0.260 as well as AIR for Android 20.0.0.233 and earlier should also be updated if possible. You can check your installed version here
Users who have activated the "Allow Adobe to install updates" option on Flash Player for Windows and OS X should receive the update automatically. Google's Chrome browser installs Flash updates automatically, too.
Flash, of course, is what makes video work on Youtube and other places.  It's pretty much everywhere and so is a favorite target of the Bad Guys.

Follow the link above and it will tell you if you are vulnerable and will give you a button to update.

2 comments:

Ratus said...

"Flash, of course, is what makes video work on Youtube and other places."

Uhh, BP YouTube has been html 5 for almost a year, maybe longer.

Ratus said...

Yep, over a year default html 5.