Everyone's favorite bug-ridden plug-in is back in the news, this time with a new critical security flaw that can be leveraged to steal user data. A Google engineer named Michele Spagnuolo was able to create a Flash exploit tool engineered to steal cookies and user data using malicious .SWF files.
The kicker here is that the flaw was widely known in the security community, but no fix had been issued because nobody had (until now) discovered a way to use it for stealing data. With Spagnuolo's hack, dubbed Rosetta Flash, showing that it is indeed possible, major software companies like Microsoft, Twitter, Google and Instagram have issued patches that fix the issue.
If you're using Chrome or Internet Explorer 10 and 11, your browser should automatically update to the latest version of Flash (184.108.40.206), in which Adobe has patched the security hole. Firefox users should manually download the latest version of Flash from Adobe's website. If you downloaded the Flash runtime on your Windows, Linux or Mac computer, now would be a good time to update to the latest version.
Source: Michele Spagnuolo