While the world freaks out about the zombie apocalypse New York Stock Exchange and United Airlines suffering computer problems, there’s some important news on the security front.
An emergency patch for Adobe Flash has been released, reportedly fixing critical zero-day vulnerabilities that have been exploited by hackers to compromise computer systems.
(And no, I have no reason to believe that the Adobe Flash vulnerability has anything to do with the hiccups that the NYSE and United Airlines are experiencing.)
Of course, what makes this patch particularly interesting is that it includes a fix for a zero-day vulnerability developed and exploited by Hacking Team, an Italian company that sells spyware to governments and law enforcement agencies and rather awkwardly suffered a massive hack earlier this week.
The attackers responsible for the security breach at Hacking Team released many gigabytes worth of stolen data including email archives, internal documents and source code for the company’s controversial products.
Which means, effectively, that details of the Adobe Flash zero-day tumbled into the wild for anybody to exploit.
A large number of other security holes appear to have also been addressed by this update, so I would recommend patching your systems at the earliest opportunity.
The patch can be found in Flash Player version 18.0.0.203 for Windows and Mac computers. For full details, and download links, check out the security advisory on Adobe’s website.
If you are not sure which version of Adobe Flash you are running on your computer, visit this Adobe webpage which will tell you.
The most recent version of Flash is always available from the Flash download page, but be sure not to be tricked into installing other third-party “optional offer” products at the same time (an irritating habit of Flash’s install program).
But I would also recommend going further than this, and enabling Click-to-Play, one of the best ways to protect yourself against criminals exploiting vulnerabilities in Adobe Flash.
Further reading:
- Hacking Team hacked – bad news for firm that helps governments spy on their citizens
- Lesson #1 from the Hacking Team hack: Choose strong passwords
- Hacking Team tells government customers to stop using its spyware, following hack
Linux Flash (now version 11.2.202.481) has also been updated, fwiw. Pulled it before starting Firefox and then saw this post.
Get Malwarebytes Anti-Exploit. It's free for use with web browsers and it blocks this exploit.
I can't understand folks ignoring it. It's from a firm with an impeccable reputation, it's free gratis and it works.