New Flash flaw could let attackers control Macs, Adobe urges users to update
Adobe on Monday disclosed a new vulnerability in its Flash platform that may allow attackers to remotely take over and control Macs, PCs, and Linux machines and advised users to update their system as quickly as possible.
The bug affects Flash Player 13.0.0.201 and earlier on the Mac, Flash Player 13.0.0.182 and earlier on Windows, and Flash Player 11.2.202.350 and earlier on Linux. Adobe says that attacks exploiting this flaw have been discovered "in the wild," so users are strongly urged to apply the latest updates sooner than later.
Mac owners and those on Windows-based PCs should update to Flash Player 13.0.0.206, while users running Linux should update to Flash Player 11.2.202.356. Those using the versions of Flash installed alongside Google's Chrome browser or Microsoft's Internet Explorer 10 and 11 will receive updates automatically.
According to security firm Kaspersky Lab, the vulnerability -- which received CVE number 2014-0515 -- is "located in the Pixel Bender component, designed for video and image processing." Exploits seen in the field using this bug are somewhat unique, using slightly different code depending on the operating system being targeted.
This is the second remote execution bug to crop up in Flash this year. A similar flaw surfaced in February, also affecting all platforms.
Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu.
The bug affects Flash Player 13.0.0.201 and earlier on the Mac, Flash Player 13.0.0.182 and earlier on Windows, and Flash Player 11.2.202.350 and earlier on Linux. Adobe says that attacks exploiting this flaw have been discovered "in the wild," so users are strongly urged to apply the latest updates sooner than later.
Mac owners and those on Windows-based PCs should update to Flash Player 13.0.0.206, while users running Linux should update to Flash Player 11.2.202.356. Those using the versions of Flash installed alongside Google's Chrome browser or Microsoft's Internet Explorer 10 and 11 will receive updates automatically.
According to security firm Kaspersky Lab, the vulnerability -- which received CVE number 2014-0515 -- is "located in the Pixel Bender component, designed for video and image processing." Exploits seen in the field using this bug are somewhat unique, using slightly different code depending on the operating system being targeted.
This is the second remote execution bug to crop up in Flash this year. A similar flaw surfaced in February, also affecting all platforms.
Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu.
Comments
Has there been a single week without a critical flash flaw? It seems like I get a warning every couple days on my PC. Why the **** isn't this technology dead yet? It's been long enough. Any website that still relies on flash for video, etc does not even deserve to exist, when most are accessing the web through mobile now. Half the sites I visit still say "missing plugin" for video on mobile devices. Disgusting.
Cant wait for Flash to die off entirely.
Who uses Flash anyway?
Strange. A[nother] security vulnerability in Flash. Didn't see that coming.
Is it just me, or does the Flash logo look like a sore, oozing, infected rectum to anyone else? Because that's what your computer feels like after you install this plugin. Well, that and Adobe PDF Reader together. You want hackers and viruses to have their way with your computer, just add Adobe.
Like so much about Adobe these days... another reason to look for a light on the horizon to signal an alternative route, away from Adobe.
HTML5 in this case.
And don't get me started on the rental-only Adobe CC, which I think is an insult to previous users of their software products.
The new features are getting fewer and fewer, so Adobe knows you may not buy their very-expensive software again soon. They've decided to charge you monthly for the privilege making your digital designs, whatever they are. Then their bottom line won't suffer when their technical progress is slow.
I kinda wish Apple would buy Adobe, since many of their users always have been Mac users, and make their software free when you buy a Mac.
Then someone else would not have to make another Creative Suite from scratch for us to buy, not rent.
Who uses Flash anyway?
Some of us can't avoid it at work unfortunately.... it sucks.
Ugh. Not again.
Flash needs to die.
...how does this affect my iPhone and iPad?? ;-)
It doesn't. Steve Jobs, bless his heart, wouldn't allow Adobe Flash on his mobile devices.
STEVE did a great job by injecting a virus to the FLASH virus.
5+ years and counting .... living my digital life without these 2 piece of craps:
1. Adobe Flash (and other garbage they sell!)
2. F****ng JAVA!
They don't die though because of Ads ... Ads ... god damn google and more Ads!
Like so much about Adobe these days... another reason to look for a light on the horizon to signal an alternative route, away from Adobe.
HTML5 in this case.
And don't get me started on the rental-only Adobe CC, which I think is an insult to previous users of their software products.
The new features are getting fewer and fewer, so Adobe knows you may not buy their very-expensive software again soon. They've decided to charge you monthly for the privilege making your digital designs, whatever they are. Then their bottom line won't suffer when their technical progress is slow.
I kinda wish Apple would buy Adobe, since many of their users always have been Mac users, and make their software free when you buy a Mac.
Then someone else would not have to make another Creative Suite from scratch for us to buy, not rent.
The update was quick and easy to install.
You complainers should spend less time complaining and more time working so you could better afford Adobe's products.
We think CC is much better than the old business model, and $50/mo is easy to handle for all the great tools we now have access to.
This is a great idea! I'm sure most wouldn't mind paying a bit more for a computer that had the Adobe CS built-in to it. I know I wouldn't mind it at all and it would be worth a little more of my money on the front end to save all the back end hastles of installation and updates.
They don't die though because of Ads ... Ads ... god damn google and more Ads!
Couldn’t find an animated version…
To bad the pukes at Adobe ont support older Mac OS (10.5.8). They shove the lousy player down our throats and then refuse to support older OS's when a security flaw is found. I think its total BS!
"Flash"?
What's that?
Sounds like someone needs to get off of their high horse. I agree with you about the subscription model being better long term for users (50 month is better than coughing up over 2 grand at one pop).
Adobe needs to put Flash in the trash. I block all flash on my home Mac and it is an annoying advertising-only tool that uses resources for nothing. Who cares if the constant updates only take a few minutes. Flash is 90's tech used to annoy people.
Another day, another Flash bug.