Patch Adobe Flash now - Hacking Team zero-day exploit fix included in emergency update

FlashWhile the world freaks out about the zombie apocalypse New York Stock Exchange and United Airlines suffering computer problems, there's some important news on the security front.

An emergency patch for Adobe Flash has been released, reportedly fixing critical zero-day vulnerabilities that have been exploited by hackers to compromised computer systems.

(And no, I have no reason to believe that the Adobe Flash vulnerability has anything to do with the hiccups that the NYSE and United Airlines are experiencing.)

Of course, what makes this patch particularly interesting is that it includes a fix for a zero-day vulnerability developed and exploited by Hacking Team, an Italian company who sells spyware to governments and law enforcement agencies and rather awkwardly suffered a massive hack earlier this week.

The attackers responsible for the security breach at Hacking Team, released many gigabytes worth of stolen data including email archives, internal documents and source code for the company's controversial products.

Which means, effectively, that details of the Adobe Flash zero-day tumbled into the wild for anybody to exploit.

A large number of other security holes appear to have also been addressed by this update, so I would recommend patching your systems at the earliest opportunity.

flash-wide

The patch can be found in Flash Player version 18.0.0.203 for Windows and Mac computers. For full details, and download links, check out the security advisory on Adobe's website.

If you are not sure which version of Adobe Flash you are running on your computer, visit this Adobe webpage which will tell you.

The most recent version of Flash is always available from the Flash download page, but be sure not to be tricked into installing other third-party "optional offer" products at the same time (an irritating habit of Flash's install program).

But I would also recommend going further than this, and enabling Click-to-Play, one of the best ways to protect yourself against criminals exploiting vulnerabilities in Adobe Flash.

Further reading:

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , ,

2 Responses

  1. Coyote

    July 8, 2015 at 9:53 pm #

    Linux flash (now version 11.2.202.481) has also been updated, fwiw. Pulled it before starting firefox and then saw this post.

  2. Chris Thomas

    July 9, 2015 at 7:02 pm #

    Get Malwarebytes Anti-Exploit. It's free for use with web browsers and it blocks this exploit.

    I can't understand folks ignoring it. It's from a firm with an impeccable reputation, it's free gratis and it works.

Leave a Reply