by sjvn
Security

Linux, Windows, or Mac: You need to patch Adobe Flash

Adobe has just released not one, not two, but six critical Flash Player patches, so update now.

December 9, 2009, 06:37 PM

I don't think about Adobe Flash much. I just use it. I think that's the case for most of us. Almost all the video on the Web is in Flash, and we just take it for granted. That's a mistake. Like any other popular application, it can be an easy way for a cracker to hack into your computer.

Take Adobe Flash's latest round of patches. Adobe doesn't say a lot about exactly what it's fixing in its security advisory, but of the seven security bugs it's fixing, six are problems that "could potentially lead to code execution."

That's a fancy way of saying that they could be used to bust into your PC. Once there, they could install malware, rip off your personal data, and in general make your life a living hell.

Here's how this kind of thing works. A cracker designs a corrupted Flash (SWF) file. This file is then hosted or embedded in a Web page or even hidden inside a PDF (Portable Document Format) file. When you come along, your Adobe Flash Player runs the program instead of showing you the video content you expected. You may even see the video you were expecting.

In the meantime, though, the automatic attack is busily at work compromising your system. Usually these hidden attacks are made to infect your Windows PC with malware such as the easily defeated Trojan.Pidief.G.

But, and this is important, while Flash attacks are usually used to exploit Windows' many vulnerabilities, these Flash security holes are in the Linux and Mac OS X versions as well. Sure, they're both safer than Windows, but if you don't patch your Linux and Mac OS X Adobe Flash Players, you're leaving a window of opportunity open for an enterprising hacker, who's counting on you not taking security seriously, to hack into your systems too.

So, in short, regardless of what operating system you're running, update to the 'safe' version of Flash Player, 10.0.42.34, now. I'd rather be safe than sorry any day.

Comments

No immediate need to patch if you are using AppArmor

Ubuntu 9.10 has AppArmor 'standard equipment' and profiles your Firefox 3.5.x, Evince (Doc pdf viewer) which puts them in a safe 'sandbox'.

Dietrich
http://www.dtschmitz.com

Case in point, Flash wasn't safe??

Can attest to flash exploits personally including manipulation in the home folder. This isn't going to make some people happy ^. I've tried to use the web without flash, but sometimes needed it. Like the first commenter said, to be safe use AppArmor, or don't allow flash cookies at any time (/dev/null anyone?). Though I like the product, it took Adobe 10+ months to fix these bugs (hopefully this implementation is much better).

Automatically Updated

Well, while others worry, Linux Mint automatically updated flash for me. My work has been done.