Adobe Flash Patch Fixes Critical Website Login Stealing Security Flaw

| News

Adobe released an out of cycle update for its Flash multimedia platform on Mac, Windows and Linux on Tuesday to patch a security flaw that gives attackers the ability to hijack user's login credentials for popular websites like Twitter, eBay, Instagram, and more. Potentially thousands of sites are susceptible to the flaw, making the update critical for all Flash users.

Adobe patches another critical Flash security flawAdobe patches another critical Flash security flaw

The security issue impacts Flash versions prior to yesterday's update ( for Linux users). Adobe also released Flash for computers that aren't capable of running the latest version.

The security flaw lets attackers intercept the login cookie for many sites, and then use that to login as the victim and take over their account. Sites that are susceptible to the Flash flaw are working to block the threat, too.

Google, YouTube, Twitter, Olark, and Tumblr have already put fixes in place, although other companies haven't been as quick to respond.

Adobe said there aren't any reports of the threat being exploited, but code samples detailing how to take advantage of the security flaw are easy to find online. With those code samples already available, it's a safe bet people are already working on their own attacks.

The Mac Observer Spin The Mac Observer Spin is how we show you what our authors think about a news story at quick glance. Read More →

If you really, really need Flash on your computer, then install this security patch immediately. If not, then maybe it's time to uninstall Flash.

Popular TMO Stories



God, I hate Flash.


Thanks for the heads up, Jeff. I’ve fought over whether to continue with Adobe (flash) or delete it (as recommended by Apple; I believe). Has there been a podcast with the pros and cons that I missed? Do you use Flash?
I’d like to hear some feedback on what others have done as I’m seriously considering deleting it off all my computers.

Bob (Macfox)

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account