We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Third time's the charm? Adobe patches even more critical Flash vulnerabilities

Adobe releases yet another critical security update for its Flash player software after hackers begin actively exploiting flaws in the wild.

On Tuesday, Adobe released yet another security patch for Flash player, addressing several critical vulnerabilities that would allow attackers to take control of affected computers. The update is for Windows, OSX, and Linux users. It's the fourth critical Flash update since the beginning of the year--and the third Flash security patch from Adobe in February alone.

A total of three serious exploits (CVE-2013-0504, CVE-2013-0643 and CVE-2013-0648) are addressed in this update, which Adobe said are already being used in the wild in targeted attacks. These exploits are designed to trick the user into clicking a link that redirects to a website where the computer is exposed to malicious Flash (SWF) files. Two of the exploits specifically target users of the Firefox browser.

These are "zero-day" exploits, meaning there were reports of users being hacked using the vulnerabilities. Adobe recommends Windows and Mac users update to Flash version 11.6.602.171 as soon as possible, either manually from the Adobe website, or via your browser's own update service. (Chrome and IE 10 users on Windows 8 are updated automatically.) If you download manually, make sure you deselect the default option to download McAfee Security Scan Plus as well.

The previous Flash patches this month addressed exploits that were designed to trick the user into opening a Microsoft Word document which contained malicious Flash content, as well as a vulnerability targeting Flash in Firefox and Safari for Macs. Adobe also had a critical security exploit fix in February for Adobe Reader. (If you're sick of Reader's frequent security headaches, we recently detailed a trio of PDF readers that are targeted much less frequently than Adobe's software.)

Flash isn't the only Web technology targeted by hackers this year. Oracle has also released several emergency updates for Java this month, after discovering exploits that allowed computers to be controlled remotely without authorization.

IDG UK Sites

Sony Xperia Z3+ release date, price and specs: The Xperia Z4 for the UK

IDG UK Sites

Why Intel’s vision of the future is a future I want to live in

IDG UK Sites

10 amazing, creative uses of tech – and the brands behind them

IDG UK Sites

Jony Ive 'semi-retired' into new role: kicked upstairs as Chief Design Officer