Adobe Flash

Everyone's favorite bug-ridden plug-in is back in the news, this time with a new critical security flaw that can be leveraged to steal user data. A Google engineer named Michele Spagnuolo was able to create a Flash exploit tool engineered to steal cookies and user data using malicious .SWF files.

The kicker here is that the flaw was widely known in the security community, but a fix hasn't been issued thus far as nobody had (until now) discovered a way to use it for stealing data. With Spagnuolo's hack, dubbed Rosetta Flash, revealing that it can indeed be possible, major software companies like Microsoft, Twitter, Google and Instagram have issued patches that fixes the issue.

If you're using Chrome or Internet Explorer 10 and 11, your browser should automatically update to the latest version of Flash (14.0.0.145), in which Adobe has patched the security hole. Firefox users should manually download the latest version of Flash from Adobe's website. If you downloaded the Flash runtime on your Windows, Linux or Mac computer, now would be a good time to update to the latest version.

Source: Michele Spagnuolo

 
There are 26 comments

D13H4RD2L1V3 says:

All it takes is one guy to make changes.

Bravo to that guy.

ConTejas says:

Or in this case one woman

D13H4RD2L1V3 says:

A woman?!

*Massive facepalm*

TheNexusMan says:

Nope, you were right. Michele Spagnuolo is a man.

sher9501 says:

"Michele" is a name for males, it's not "Michelle". Check the guy's LinkedIn profile, unless you consider him a very masculine woman, he's definitely a man.

Posted via Android Central App

ConTejas says:

Haha whoops!! You caught me going all 'Murica. Looking on LinkedIn it's definitely a man, baby.

atticuszer03 says:

Michele is NOT automatically a name for males. I've worked with 2 different Michele's. Pronounced the same as Michelle, get really bitchy when you spell it with 2 L's haha

D13H4RD2L1V3 says:

What?! He's a guy?!

*Double facepalm*

vividrich says:

No, it's not automatically a name for males. I assumed female as well.

Posted from my Nexus 5 via Android Central App

TheNexusMan says:

Actually, he was correct. Michele is a guy.

startac7868 says:

Yeah it's French.

Michele, Miguel, Michael, Mikhail just off the top of my head.

But then...I find there are so-so many others http://en.wikipedia.org/wiki/Michael#Forms_across_languages

Zahl says:

Every single month, on patch Tuesday, there is a new version of flash that fixes some massive security hole so nothing new.

canonBoy says:

Forgive my naivety, but if one were to have flash on their android phone, and adobe said they were no longer supporting flash on android, does the android user need to be concerned with this news?

Quite possibly...

Posted via Android Central App

Hunter Petit says:

Yes, UNINSTALL UNINSTALL!

Posted with my Nexus 7 2012 or Moto X via the Android Central App

ConTejas says:

I was thinking the same thing. It was pulled from the Play store when 4.1 JB was released. So I guess for users with older versions of Android or those who've sideloaded it. I use Chrome Beta exclusively so no point in sideloading for me. Can't say I've missed it or otherwise noticed with the sites I've used.

anekin007 says:

I think this exploit affects computer rather than mobile devices from the looks of the last sentence.

canonBoy says:

Unless of course since adobe doesn't support flash on mobile anymore and isn't supposed to be on mainstream mobile, only supposed to be on desktop/laptop computers, then the story may not deem it necessary to mention mobile, hence the question asked at the beginning of the thread...

estockda says:

Will Flash just die already?!

neonworm says:

I hope so.

Sent from my amazing Galaxy S3

rrballer11 says:

Flash is dieing already.. Its just a matter of time till they fully adopt HTML 5

Posted via Android Central App

It seems like it was just yesterday when everyone was ripping apple for not supporting flash. lol. Heck, I was one of them. I'll take my crow medium rare.

cowboys2000 says:

You are not alone!

Posted via Android Central App

honkey haze says:

no reason for the crow. i was (also) using ios back when it needed flash, it sucked.

Alcarnor14 says:

Why are Twitter and Instagram mentioned? They don't make a web browser that uses flash. Their apps on android and iOS certainly don't use it.

Posted via Android Central App

Mark Livsey says:

That's easy, because Google don't want anything to do with flash player in any way. I read this in some magazine last year that part of the launch of Kitkat was the announcement of the end of flash player, this has been one of the major factors in upgrading apps for tablets. I'm not too sure about Jellybean but Kitkat is definitely not built for flash or sdcard storage which in my opinion is wrong.