It’s that time again.
If you’re one of those folks who hasn’t yet decided that you can live without Flash (and remember, PornHub is no longer an excuse to keep Flash on your computer), then you really should update the bug-riddled software with Adobe’s latest round of security patches.
The Flash vulnerabilities are rated as “critical” for those using Adobe Flash Player on Windows, Mac OS X, Linux and ChromeOS, and address vulnerabilities that could potentially allow an attacker to take control of your computer.
Meanwhile, Microsoft has issued 14 security bulletins – made up of seven critical and seven important updates addressing a total of 50 vulnerabilities.
Perhaps the most important flaw addressed by Microsoft in the update is a zero-day vulnerability in Internet Explorer:
The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
It’s not unusual to see online criminals taking a close interest in the security patches issued by the likes of Adobe and Microsoft, and launching attacks to exploit the newly-disclosed vulnerabilities against end users and corporations.
Don’t drag your feet. If the likes of Adobe and Microsoft take the step of describing vulnerabilities in their software as “critical”, it’s important that you patch at your earliest opportunity.
Recent post by Tripwire lists them all as "no exploit found", conflicting view or best double-checked?