Adobe released an out of cycle update for its Flash multimedia platform on Mac, Windows and Linux on Tuesday to patch a security flaw that gives attackers the ability to hijack user's login credentials for popular websites like Twitter, eBay, Instagram, and more. Potentially thousands of sites are susceptible to the flaw, making the update critical for all Flash users.
Adobe patches another critical Flash security flaw
The security issue impacts Flash versions prior to yesterday's 18.104.22.168 update (22.214.171.1244 for Linux users). Adobe also released Flash 126.96.36.199 for computers that aren't capable of running the latest version.
The security flaw lets attackers intercept the login cookie for many sites, and then use that to login as the victim and take over their account. Sites that are susceptible to the Flash flaw are working to block the threat, too.
Google, YouTube, Twitter, Olark, and Tumblr have already put fixes in place, although other companies haven't been as quick to respond.
Adobe said there aren't any reports of the threat being exploited, but code samples detailing how to take advantage of the security flaw are easy to find online. With those code samples already available, it's a safe bet people are already working on their own attacks.