A patch for a critical vulnerability in Adobe Flash was released yesterday. While some browsers will update automatically, others will need to be updated by IT to avoid attacks that could steal users' log-in credentials.
The flaw has actually been known in some circles for a while. Security researcher Michele Spagnuolo alerted Google and Adobe to the flaw in Flash, which can be exploited to send sensitive information to hackers.
According to Spagnuolo’s blog post on the attack, which he dubs Rosetta Flash, “by uploading a carefully crafted SWF, an attacker can make the victim perform requests that have side effects and exfiltrate sensitive data to an external, attacker-controlled, domain.”
Some browsers update automatically, others won’t
If you’re on Google Chrome or Microsoft Internet Explorer 10 or 11, you’re covered. Because those browsers bundle Flash, Google and Microsoft automatically patch flawed versions for users.
However, other browsers will require downloading the Adobe Flash update released yesterday, July 8.
This includes earlier versions of Internet Explorer, any version of Mozilla Firefox or the Opera browser, and any other web browsers your users may have.
Internet Explorer patches released, too
In addition to the Adobe patch, yesterday also brought a significant update to Internet Explorer as part of Microsoft's Patch Tuesday updates.
Twenty-four patches were released for the browser. Two of them were rated critical.
As always, try to make sure users are on the most up-to-date versions of their browsers. It’s a good line of defense against hacks and could help stave off glitches.