Adobe Flash

Everyone's favorite bug-ridden plug-in is back in the news, this time with a new critical security flaw that can be leveraged to steal user data. A Google engineer named Michele Spagnuolo was able to create a Flash exploit tool engineered to steal cookies and user data using malicious .SWF files.

The kicker here is that the flaw was widely known in the security community, but a fix hasn't been issued thus far as nobody had (until now) discovered a way to use it for stealing data. With Spagnuolo's hack, dubbed Rosetta Flash, revealing that it can indeed be possible, major software companies like Microsoft, Twitter, Google and Instagram have issued patches that fixes the issue.

If you're using Chrome or Internet Explorer 10 and 11, your browser should automatically update to the latest version of Flash (14.0.0.145), in which Adobe has patched the security hole. Firefox users should manually download the latest version of Flash from Adobe's website. If you downloaded the Flash runtime on your Windows, Linux or Mac computer, now would be a good time to update to the latest version.

Source: Michele Spagnuolo

 
There are 27 comments

Reader comments

Google, Microsoft and Twitter scramble to fix latest security vulnerability in Flash

27 Comments
Sort by Rating

"Michele" is a name for males, it's not "Michelle". Check the guy's LinkedIn profile, unless you consider him a very masculine woman, he's definitely a man.

Posted via Android Central App

Michele is NOT automatically a name for males. I've worked with 2 different Michele's. Pronounced the same as Michelle, get really bitchy when you spell it with 2 L's haha

No, it's not automatically a name for males. I assumed female as well.

Posted from my Nexus 5 via Android Central App

Every single month, on patch Tuesday, there is a new version of flash that fixes some massive security hole so nothing new.

Forgive my naivety, but if one were to have flash on their android phone, and adobe said they were no longer supporting flash on android, does the android user need to be concerned with this news?

I was thinking the same thing. It was pulled from the Play store when 4.1 JB was released. So I guess for users with older versions of Android or those who've sideloaded it. I use Chrome Beta exclusively so no point in sideloading for me. Can't say I've missed it or otherwise noticed with the sites I've used.

Unless of course since adobe doesn't support flash on mobile anymore and isn't supposed to be on mainstream mobile, only supposed to be on desktop/laptop computers, then the story may not deem it necessary to mention mobile, hence the question asked at the beginning of the thread...

It seems like it was just yesterday when everyone was ripping apple for not supporting flash. lol. Heck, I was one of them. I'll take my crow medium rare.

Why are Twitter and Instagram mentioned? They don't make a web browser that uses flash. Their apps on android and iOS certainly don't use it.

Posted via Android Central App

That's easy, because Google don't want anything to do with flash player in any way. I read this in some magazine last year that part of the launch of Kitkat was the announcement of the end of flash player, this has been one of the major factors in upgrading apps for tablets. I'm not too sure about Jellybean but Kitkat is definitely not built for flash or sdcard storage which in my opinion is wrong.