Printed from http://www.electronista.com

Adobe issues 'critical' patch for Flash for AIR, OS X, Windows, Linux

updated 01:00 am EDT, Wed July 9, 2014

Flaw allows attackers to steal authenticating cookies, hasn't been seen in wild yet

Adobe has issued an emergency patch of its Flash Player technology to correct a security flaw that could allow hackers false access to thousands of popular websites -- notably Twitter, Instagram, Tumblr and eBay among many others. The patch, which will update Flash to version 14.0.0.145, is considered "critical" for users of OS X, Windows and Linux operating systems. Even if users have Flash Player disabled in their browser, they may still need to update if they are using any products that require Adobe AIR.

The updated version number for Linux users is Adobe Flash Player 11.2.202.394. Users of Google Chrome and Internet Explorer versions 10 or 11 on Windows will have the Flash versions automatically updated when they update to the latest version of those browsers. The company advises that developers using the Adobe AIR SDK and Compiler should update to Adobe AIR version 14.0.0.137 of those tools, along with users of Adobe AIR for Android. Flash technology doesn't work on iOS devices, and therefore iPad, iPhone and iPod touch owners don't need to do anything for those devices.

The flaw affects previous versions of Flash Player as well, so the software should be disabled entirely on machines too old or running older operating systems that can't update to at least version 13.0.0.231, which Adobe has made available specifically for older machines and OS versions. Macs running OS X 10.6.x or later, or PCs still on Windows XP or later, should be able to update to either the aforementioned 13.0.0.231 or the latest version of Flash, which fixes the issue.

Affected websites are also attacking the vulnerability from their end, even though no known instances of attack through this vector has been seen "in the wild" as of yet. The flaw was found to allow hackers to steal the "cookie" used by many websites off of users' computers, allowing the attacker to login to the website as the just-departed user and take control of the account on that website.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. Jeronimo2000

    Forum Regular

    Joined: 08-20-01

    "Flash: Patching the unpatchable since 1997."

  1. climacs

    Dedicated MacNNer

    Joined: 09-06-01

    for cereal

  1. nouser

    Fresh-Faced Recruit

    Joined: 04-29-12

    Really... a critical flaw in Flash? Shocking!

  1. climacs

    Dedicated MacNNer

    Joined: 09-06-01

    I know, right? Hoocoodanode?

  1. Flying Meat

    Dedicated MacNNer

    Joined: 01-25-07

    Someone please just put it out of our misery. ;)

  1. JackWebb

    Fresh-Faced Recruit

    Joined: 08-31-07

    Chances of this version also having a security flaw: 99.999%

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News