Less than three weeks ago, Adobe released a critical security update for its Flash Player plug-in fixing an exploit that allowed machines to be accessed remotely by attackers.

Yet another security update is out today (and strongly recommended). The new build (Version 12.0.0.70) intends to address a vulnerability that allowed attackers to target at least three nonprofit websites according to security firm FireEye and reported by ArsTechnica

From FireEye:

This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues. The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.

This actor also has early access to a number of zero-day exploits, including Flash and Java, and deploys a variety of malware families on compromised systems. Based on these and other observations, we conclude that this actor has the tradecraft abilities and resources to remain a credible threat in at least the mid-term.

OS X users can prompt the update to initiate in the System Preferences app, and the update is available from Adobe’s site here. Adobe also offers an uninstaller to remove Adobe Flash completely.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

4 Responses to “Adobe releases Adobe Flash security update in second emergency fix this month”

  1. UNINSTALL Flash now. Seriously, anyone who still has Flash installed has rocks in their head.

    Like

    • Matt Wilson says:

      Isn’t that the other way around?

      Like

    • ctxppc says:

      I just wish I could just remove it, but the internet didn’t follow up that closely. My recommendation would be to minimise Flash use. The ClickToFlash Safari extension disables all Flash until you click it, but most important: if the extension finds a video source URL (on YouTube and many others), it uses Safari’s native player (also used for HTML5 video elements) without a trace of that proprietary, buggy, and slow software called “Flash” (or video ads for that matter).

      I don’t agree on the “rocks in their head thing” though: Flash is necessary for a “full experience,” i.e. for not being thrown out off a website by a stubborn and/or lazy web developer (or their managers).

      Like