Adobe Acknowledges and Addresses Major Security Flaw in Flash: Releases Critical Fixes For Users
Adobe has released a new update for Windows and Mac users to address a critical flaw that could expose users to hackers on various popular websites such as Twitter, eBay, Instagram and Tumblr.
Adobe's latest security patch version for Mac and Windows is numbered 14.0.0.145, whereas users on Linux should see the security fix being numbered 11.2.202.394.
People using Microsoft Internet Explorer and Google Chrome should get the latest update automatically.
Users on other web browsers need to install Adobe Flash's latest security fix manually.
"These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions," states Adobe, in an official post.
According to a blog post by Michele Spagnuolo, an information science engineer at Google Switzerland, popular websites like Tumblr and Twitter that were affected by the latest flaw have now worked to fix the vulnerability.
These high-profile sites were affected by JSONP abuse via Rosetta Flash, a tool that converts SWF files into files consisting only of alphanumeric characters. Such files abuse JSONP endpoints, leading victims to vulnerable gateways and resulting in a data breach by hackers.
Spagnuolo says that websites like YouTube and Google were also earlier victims of JSONP abuse via Rosetta Flash.
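The following is an added defensive example, not code from the article, Adobe or the affected sites. It shows why a character allow-list on the JSONP callback is not enough against an alphanumeric-only payload, and applies widely used JSONP hardening measures that the article does not describe: a length cap, a `/**/` prefix so the response never begins with caller-controlled bytes, and restrictive response headers. All names and the 64-character limit are assumptions.

```javascript
// Added example: hardening a JSONP response. All names are hypothetical.
const MAX_CALLBACK_LENGTH = 64; // assumed limit; real callback names are short
// Dotted JavaScript identifier, e.g. "app.handlers.onData"
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;
const SWF_MAGIC = ["FWS", "CWS", "ZWS"]; // SWF file signatures

// True if a response body would begin with an SWF file signature.
function startsLikeSwf(text) {
  return SWF_MAGIC.some((magic) => text.startsWith(magic));
}

function buildJsonpResponse(callback, data) {
  if (typeof callback !== "string" || !CALLBACK_RE.test(callback)) {
    return { status: 400, headers: {}, body: "invalid callback" };
  }
  // An alphanumeric-only payload passes the allow-list above, so the
  // length cap is a separate check.
  if (callback.length > MAX_CALLBACK_LENGTH) {
    return { status: 400, headers: {}, body: "callback too long" };
  }
  // The comment prefix keeps the first bytes of the body server-controlled,
  // so the body cannot be parsed as a file starting with an SWF signature.
  const body = "/**/" + callback + "(" + JSON.stringify(data) + ");";
  return {
    status: 200,
    headers: {
      "Content-Type": "application/javascript; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
      "Content-Disposition": 'attachment; filename="f.txt"',
    },
    body,
  };
}

// Constructed sample: an alphanumeric-only string standing in for an
// encoded SWF (not a real file).
const constructedPayload = "CWS" + "M".repeat(500);

console.log(CALLBACK_RE.test(constructedPayload)); // allow-list alone accepts it
console.log(buildJsonpResponse(constructedPayload, {}).status);
console.log(buildJsonpResponse("CWSdemo", { a: 1 }).body);
```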
Adobe states that users of its AIR service (version 14.0.0.110) have also been affected, and these users need to upgrade to Adobe AIR 14.0.0.137.
Adobe has previously been the victim of a cyber attack: in 2013, the company admitted that hackers had stolen credit-card-related details of over three million of its customers.