

Another day, yet another emergency Adobe Flash patch. Because that's how we live now

Update your plugin now before someone pwns your PC

The new year hasn't been a pleasant one for Adobe: the Silicon Valley firm has scrambled to close yet more serious security holes in its Flash player.

Last week the Photoshop biz rushed out a patch for a critical flaw in Flash that miscreants were exploiting in the wild to hijack victims' computers.

Today, a new update has been pushed out to deal with two critical flaws: CVE-2015-0311 and CVE-2015-0312. The former was discovered by French malware researcher Kafeine, and the latter by someone called Bilou who contacted the Chromium team.

The vulnerability reported by Kafeine allows hackers to inject malicious code into a running machine – for example, it could be used with the Angler exploit kit to drop a Trojan onto a Windows system. Adobe said computers running Windows 8.1 or earlier are at risk.

Indeed, Adobe has evidence that CVE-2015-0311 is being exploited in the wild by hackers to attack Internet Explorer and Firefox browsers: a victim just has to surf to a website serving dodgy Flash files that leverage the plugin's security flaw to compromise the machine.

Users of Google Chrome are protected against the flaw by the browser's sandbox tech.

The Angler exploit kit was one of the most widely used hacking tools last year, according to Cisco security researchers, who labelled the kit "one to watch."

The Flash patch has been pushed out as an automatic update, and you can find a build to install by hand here. Given that at least one of the flaws is being exploited right now, it's a good idea to get patching as soon as possible.

Meanwhile, Google's YouTube now defaults to HTML5 <video> rather than Adobe Flash to stream stuff. YouTube shifts more than six billion hours of video to viewers a month, according to the site. ®
