Patch alert: Update browsers' Flash ASAP to block log-on theft

Gregg Keizer | July 9, 2014
While Google's Chrome and Microsoft's IE10 and IE11 browsers will automatically update to the latest version of Adobe Flash, anyone using Safari, Firefox, Opera or older versions of IE must do so manually.

Twitter has since addressed the issue, Spagnuolo said in an update to his blog post.

Adobe's update strengthened Flash Player's handling of the kind of malformed .swf files that Rosetta Flash creates. "These updates include additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs (CVE-2014-4671)," Adobe said in its security bulletin today.

Spagnuolo also provided steps that website owners can take to block or hinder exploits.

Users running browsers that do not automatically update to the latest version of Flash should download and install the appropriate extension version from Adobe's website. Microsoft updated IE10 and IE11 -- browsers that run on Windows 7, Windows 8 and Windows 8.1 -- and Google pushed the new Flash to Chrome for Windows and OS X via its "component update system," a secondary service that delivers very small updates to only parts of Chrome.

"This issue is definitely in the wild with public exploit code," warned Ross Barrett, senior manager of security engineering at Rapid7, in an email. "Flash users should patch immediately."

