Malicious Flash Player content has been circulating, and Adobe has responded with an emergency security update for Mac, Windows, Linux, Android and various browser systems.
Malicious Flash Files the Culprit
An exploit has been discovered using malicious Flash files on websites, but also a tricky email that could harm unsuspecting users who open the attached Microsoft Word document. Flash content hosted on exploited websites has been targeting the Flash Player in Firefox or Safari browsers on Macs, according to an Adobe security bulletin.
The email attachment hack has been targeting Windows users, and Adobe has issued the needed updates for all of these platforms. Any system not updated could be open to an attack that could cause crashes and even allow attackers to take over the infected system.
For Google Chrome and Internet Explorer 10 users, the newest versions of each browser include automatic updates for Flash Player. Mobile users on the Android system have their choice of update depending on which version they are using. The Android update is broken down into those who are on the 4.x system and those on the 3.x or 2.x systems.
Windows, Mac Systems Should Update within 72 Hours
Adobe has identified a critical vulnerability with Mac and Windows systems, and it recommends updating these systems within 72 hours. Adobe uses a priority and severity security rating on these kinds of exploits, and in this case, the Mac and Windows vulnerability ranks as a 1 on the scale.
Some common forms of online attacks. In the Adobe case, the problem is a buffer overflow and a memory corruption that could lead to malicious code execution
That means it is the most dangerous, whereas the Linux and Android exploits are a 3 on the scale, and the recommendation there is admins should update Flash Player at their discretion.
Security experts at Lockheed Martin and Kaspersky Labs helped Adobe pinpoint the exploit in this case, and the companies even helped out with the patches, Adobe acknowledged in its bulletin. As many already know, Flash Player has been dead-ended for mobile devices, and security had no doubt been one of the biggest reasons.
With this kind of security breach on Mac and Windows systems, we wonder how much longer it will really be needed, especially given the rise of technologies like HTML5.