We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Third time's the charm? Adobe patches even more critical Flash vulnerabilities

Adobe releases yet another critical security update for its Flash player software after hackers begin actively exploiting flaws in the wild.

On Tuesday, Adobe released yet another security patch for Flash player, addressing several critical vulnerabilities that would allow attackers to take control of affected computers. The update is for Windows, OSX, and Linux users. It's the fourth critical Flash update since the beginning of the year--and the third Flash security patch from Adobe in February alone.

A total of three serious exploits (CVE-2013-0504, CVE-2013-0643 and CVE-2013-0648) are addressed in this update, which Adobe said are already being used in the wild in targeted attacks. These exploits are designed to trick the user into clicking a link that redirects to a website where the computer is exposed to malicious Flash (SWF) files. Two of the exploits specifically target users of the Firefox browser.

These are "zero-day" exploits, meaning there were reports of users being hacked using the vulnerabilities. Adobe recommends Windows and Mac users update to Flash version 11.6.602.171 as soon as possible, either manually from the Adobe website, or via your browser's own update service. (Chrome and IE 10 users on Windows 8 are updated automatically.) If you download manually, make sure you deselect the default option to download McAfee Security Scan Plus as well.

The previous Flash patches this month addressed exploits that were designed to trick the user into opening a Microsoft Word document which contained malicious Flash content, as well as a vulnerability targeting Flash in Firefox and Safari for Macs. Adobe also had a critical security exploit fix in February for Adobe Reader. (If you're sick of Reader's frequent security headaches, we recently detailed a trio of PDF readers that are targeted much less frequently than Adobe's software.)

Flash isn't the only Web technology targeted by hackers this year. Oracle has also released several emergency updates for Java this month, after discovering exploits that allowed computers to be controlled remotely without authorization.

IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia