Can we just get rid of Flash already? Adobe has released the second security update in less than a month for its Adobe Flash Player software on both Mac and Windows. The update addresses a threat that could allow an attacker to take control of a system. executing malicious code.
Security firm FireEye, (via ArsTechnica), says the vulnerability, (CVE–2014–0502), allowed attackers to compromise at least three nonprofit organizations.
From FireEye:
This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues. The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.
This actor also has early access to a number of zero-day exploits, including Flash and Java, and deploys a variety of malware families on compromised systems. Based on these and other observations, we conclude that this actor has the tradecraft abilities and resources to remain a credible threat in at least the mid-term.
Another critical security update was released just over two weeks ago, fixing the same zero-day vulnerability that gives hackers complete control over any compromised systems.
Adobe recommends all Flash Player version 12.0.0.70 and earlier users update their installations to the latest version of Flash. The latest version can be downloaded from Adobe’s website, or it can be updated from System Preferences on your Mac.