Emergency Flash Update Addresses Active Malware Attacks

| News

Adobe released an emergency update for Flash on Thursday to address two security issues that are already being exploited by hackers. One of the threats targets Safari and Firefox on the Mac and could let attackers take control of victim's systems.

Adobe released an out-of-cycle Flash update to block malware attacksAdobe released an out-of-cycle Flash update to block malware attacks

The vulnerability lets attackers use Flash to deliver the malware payload when visiting websites, and Adobe is advising Flash users to update to version 11.5.502.149 as soon as possible. The second vulnerability targets Windows users by including maliciously crafted Flash content in Word documents.

Firefox users are susceptible to the vulnerabilty despite the browser's feature that can prevent multimedia content from playing until clicked because Flash isn't blocked from auto-playing, unlike Java and QuickTime.

Users can download Flash 11.5.502.149 at the Adobe Website, and Safari may show a warning that Flash has been disabled along with a download option. The Adobe Website also offers a tool to verify which Flash version is currently running on your computer.

As always, we advise staying away from dubious and unfamiliar Websites.

Sign Up for the Newsletter

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday.

11 Comments Leave Your Own

paikinho

Thanks, I had this message pop up this morning and so I just shut Safari down not knowing what it was or why it popped up.

Jeff Gamet

Sure thing! We’ve got your back. smile

geoduck

Been using Click-to-Flash for a year or two now. This reminded me that I hadn’t clicked on anything to see Flash content in I don’t know how long. So this morning I pulled the last bit of Flash off my Mac. I am now running Flash Free.

Is this the 21st century version of “going commando”?

Lee Dronick

“Sure thing! We’ve got your back”

Thank you, though it is a shame that you have to do that.

corradokid

Awesome.

How do we push out an update/install of Flash to 600+ enterprise users who are not admins of their Mac? Does Adobe have a stand-alone Mac installer that will work via Apple Remote Desktop?

Groof

I have been getting an installer ‘failed’ error all day. Anyone else running into problems downloading Flash?

paikinho

I don’t think I have used much flash anymore either come to think of it. Funny how these things sort of fade away. But the message popped up and I couldn’t seem to bypass it so I needed to get the update installed.

I hadn’t thought to just eliminate it altogether, but that probably isn’t possible for me since my wife uses an account on this machine as well.

Gameboy

I thought it might have been a hijacked page, so I manually went to Adobe’s Site to download it.

Lee Dronick

“I thought it might have been a hijacked page, so I manually went to Adobe’s Site to download it.”

I updated via the Flash System Preference pane.

iJack

Although the Flash System Preference pane is set to do it automatically, I got no warning at all, until I got here.

Lee Dronick

Jack, I didn’t get a warning that it was out of date. I don’t have the preference set to automatically install updates, I don’t trust that, but it is set to “Notify me to install updates.” Maybe that is because I have the Click to Flash plugin installed in Safari.

Log-in to comment