Adobe Flash Patch Fixes Critical Website Login Stealing Security Flaw


Adobe released an out-of-cycle update for its Flash multimedia platform on Mac, Windows and Linux on Tuesday to patch a security flaw that gives attackers the ability to hijack users' login credentials for popular websites like Twitter, eBay, Instagram, and more. Potentially thousands of sites are susceptible to the flaw, making the update critical for all Flash users.

Adobe patches another critical Flash security flaw

The security issue impacts Flash versions prior to yesterday's 14.0.0.145 update (11.2.202.394 for Linux users). Adobe also released Flash 13.0.0.231 for computers that aren't capable of running the latest version.

The security flaw lets attackers intercept the login cookie for many sites, and then use it to log in as the victim and take over their account. Sites that are susceptible to the Flash flaw are working to block the threat, too.

Google, YouTube, Twitter, Olark, and Tumblr have already put fixes in place, although other companies haven't been as quick to respond.

Adobe said there aren't any reports of the threat being exploited, but code samples detailing how to take advantage of the security flaw are easy to find online. With those code samples already available, it's a safe bet people are already working on their own attacks.


Comments

RonMacGuy

God, I hate Flash.

Macfox

Thanks for the heads up, Jeff. I’ve fought over whether to continue with Adobe (Flash) or delete it (as recommended by Apple; I believe). Has there been a podcast with the pros and cons that I missed? Do you use Flash?
I’d like to hear some feedback on what others have done as I’m seriously considering deleting it off all my computers.

TIA,
Bob (Macfox)
