Earlier it was Java, now it has been discovered that Adobe’s Flash software also has a vulnerability that gives complete control over compromised systems to hackers. This vulnerability, fixed in the just released version 12.0.0.44, affects Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux, although Linux was listed as having a lower priority rating. Adobe has detailed the problem in a security bulletin. All users are recommended to update Flash on their computers, as well as Google’s Chrome browser which has it’s own Flash component. The version of Chrome that includes this fix is 32.0.1700.107 and should update this automatically, but you may have to restart the browser for the correct version to register in the “About Google Chrome” window. If you want to check which version you are running before going through the update process, you can go to this page on Adobe’s site. You can download OS specific installers from here. Windows users who browse the Web with anything other than Internet Explorer will need to apply two Flash updates, one for IE and one for any alternative browsers (Firefox, Opera, e.g.). Both updaters can be found on the download page. On a Mac, if you already have Flash installed, you can also go to the Flash Player settings in System Preferences and click on the Check for Updates button in the Advanced tab. Our friends at Kaspersky Labs make another appearance in the Acknowledgements of the security bulletin where Adobe thanks them for discovering the vulnerability;
“Adobe would like to thank the following individuals for reporting the relevant issues and for working with Adobe to help protect our customers:
Alexander Polyakov and Anton Ivanov of Kaspersky Labs (CVE-2014-0497)”
So if you’ve got the time now, and you probably should make the time, get those updaters downloaded and installed. Almost makes you want to remove both Java and Flash doesn’t it?