Adobe Systems is once again finding it hard to keep its Flash media player safe. The company issued its second patch to remedy “critical zero-day vulnerabilities.”
The security holes are allowing hackers to upload malware on users computers.
“The previously unknown vulnerabilities were unearthed in the 400-gigabyte data dump hackers published nine days ago after rooting the servers of Hacking Team, the Italy-based company that sold spyware and exploits to governments around the world,” according to Arstechnica.
The Flash vulnerabilities are all present in Windows, Mac OS and Linux versions of the software. It’s been an ongoing problem for a few days now and could get pretty bad for users who aren’t properly protected against malware attacks.
“At least one of them was potent enough to pierce the vaunted Google Chrome security sandbox, most likely because it was combined with a separate privilege-escalation exploit for Windows,” according to the article.
“It took only a few days after the earlier Flash vulnerability was found in the Hacking Team trove for blackhat hackers to begin actively exploiting it in the wild.”
The flaws were outright exploited by hackers. Users who aren’t aware of the attacks could be in grave danger of having important information siphoned from their devices. Arstechnica said that they often try to sway users from continuing the use of Flash. The article warns users to update their devices before heavy damage can be done.
“Readers are once again reminded to uncheck the box during the update process that shamelessly pushes Google Chrome, McAfee software, and other unwanted crapware,” warned Dan Goodin of Arstechnica.
“Windows users who use Firefox are also reminded that Adobe requires them to install a separate update for that browser and Internet Explorer.”
Keeping yourself safe might be worth limiting the use of Flash, at least until Adobe figures out a permanent fix to the problems.
Read the full story.