December 09, 2009, 5:37 PM — I don't think about Adobe Flash much. I just use it. I think that's the case for most of us. Almost all the video on the Web is in Flash, and we just take it for granted. That's a mistake. Like any other popular application, it can be an easy way for a cracker to hack into your computer.
Take Adobe Flash's latest round of patches. Adobe doesn't say a lot about exactly what it's fixing in its security advisory, but out of the seven security bugs they're fixing, six of the repairs are on problems that "could potentially lead to code execution."
That's a fancy way of saying that they could be used to bust into your PC. Once there, they could install malware, rip off your personal data, and in general make your life a living hell.
Here's how this kind of thing works. A cracker designs a corrupted Flash (SWF) file. This file is then hosted or embedded in a Web page or even hidden inside a PDF (Portable Document Format) file. When you come along, your Adobe Flash Player runs the program instead of showing you the video content you expected. You may even see the video you were expecting.
In the meantime though the automatic attack is busily at work compromising your system. Usually these hidden attacks are made to infect your Windows PC with malware such as the easily defeated Trojan.Pidief.G.
But, and this is important, while Flash attacks are usually used to exploit Windows' many vulnerabilities, these Flash security holes are also in the Linux and Mac OS X versions as well. Sure, they're both safer than Windows, but if you don't patch your Linux and Mac OS X Adobe Flash Players, you're leaving a window of opportunity open for an enterprising hacker, who's counting on you not taking security seriously, to hack into your systems as well.
So, in short, regardless of what operating system you're running, update to the 'safe' version of Flash Player, 10.0.42.34, now. I'd rather be safe than sorry any day.
