Adobe releases patch to fix Flash security flaw

Security

by CBR Staff Writer| 10 July 2014

The race is on to plug the gap that could steal your data.

Adobe Systems has unveiled a software patch to fix a security flaw in its Flash multimedia platform on Mac, Windows and Linux which could be exploited by hackers to access login credentials for popular websites like Twitter, eBay, and Instagram.

It is not just the popular websites, but also thousands of other sites, that are potentially at risk.

While big players such as Google, Microsoft, YouTube, Twitter, Olark, and Tumblr have already put fixes in place, some are working to block the threat and few others are yet to respond.

The companies acted in part due to the flaw spotted by Google security engineer Michele Spagnuolo based in Switzerland, who created a tool capable of converting swf flash files into malicious code.

The security flaw enables attackers to intercept the login cookie for many sites, which can then be used to hijack a user's account.

While Chrome or Internet Explorer ver. 10 or 11 browsers will automatically update with the latest versions of Flash, users using Firefox need to get the latest Flash version from Adobe directly.

Apps like Tweetdeck or Pandora are also identified as being at potential risk, and users are advised to update Adobe AIR that should happen automatically.

Although no reports about data breaches have surfaced, Adobe said code samples about the security flaw are easily available online, leaving millions of users at potential risk.

As an added security measure, Adobe also released the patch for computers that can't run the latest Flash version.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

755 people like this.
0 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.