'Adobe Flash Player gets emergency update' diff viewer (0/1)

This article is from the source 'bbc' and was first published or seen on February 05, 2014 12:18 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-26045740

The article has changed 2 times. There is an RSS feed of changes available.

Previous version 1 Next version

Previous version 1 Next version

Version 0	Version 1
Adobe Flash Player gets emergency update	Adobe Flash Player gets emergency update
2014-02-05 12:20:28 UTC	2014-02-05 14:20:27 UTC (about 2 hours later)
Adobe has urged users of its Flash Player plug-in to install an update to protect themselves against the risk of hackers hijacking their PCs.	Adobe has urged users of its Flash Player plug-in to install an update to protect themselves against the risk of hackers hijacking their PCs.
It cited a "critical vulnerability" in older versions and said it had become aware of reports that cybercriminals had worked out a way to exploit it.	It cited a "critical vulnerability" in older versions and said it had become aware of reports that cybercriminals had worked out a way to exploit it.
A new version of the multimedia player has been made available for download for Windows, Mac and Linux computers.	A new version of the multimedia player has been made available for download for Windows, Mac and Linux computers.
This is the latest in a series of setbacks for the company.	This is the latest in a series of setbacks for the company.
The California-based software maker acknowledged that usernames and encrypted passwords had been stolen from about 38 million of its active account holders last year.	The California-based software maker acknowledged that usernames and encrypted passwords had been stolen from about 38 million of its active account holders last year.
And Flash vulnerability alerts frequently appear on security firms'warning lists.	And Flash vulnerability alerts frequently appear on security firms'warning lists.
"Adobe does seem to have an unfortunate history of people finding security flaws with Flash that require updates," independent security consultant Alan Woodward told the BBC.	"Adobe does seem to have an unfortunate history of people finding security flaws with Flash that require updates," independent security consultant Alan Woodward told the BBC.
"What Adobe seem to have done in this case is put out a warning, but it has not given as much information as other firms would normally do when issuing such a security advisory.	"What Adobe seem to have done in this case is put out a warning, but it has not given as much information as other firms would normally do when issuing such a security advisory.
"That might be them trying to avoid giving the hackers too much information whilst still telling people there is a problem."	"That might be them trying to avoid giving the hackers too much information whilst still telling people there is a problem."
Adobe only describes the flaw as being an "integer underflow vulnerability" in its report.	Adobe only describes the flaw as being an "integer underflow vulnerability" in its report.
Sandboxed software	Sandboxed software
The company thanks two researchers at the Kaspersky Lab for alerting it to the problem.	The company thanks two researchers at the Kaspersky Lab for alerting it to the problem.
The ~~Russian~~ security company ~~has~~ ~~not~~ ~~commented~~ on ~~the~~ ~~topic~~ ~~yet,~~ ~~but~~ ~~might~~ ~~reveal~~ ~~more~~ ~~information~~ at a ~~conference~~ it is ~~hosting~~ in ~~the~~ ~~Dominican~~ ~~Republic~~ ~~this~~ ~~weekend.~~	The Russia-based security company said it had discovered a Flash exploit that it believes had been created to target Chinese organisations and users.
~~In ~~the~~ ~~meantime,~~ ~~Apple~~ is ~~blocking~~ the ~~use~~ of ~~older~~ ~~versions~~ of ~~Flash~~ on ~~its~~ ~~Safari~~ ~~web~~ ~~browser.~~~~	"This attack works whereby when a document is opened, an embedded flash exploit starts an easy downloader to the disk, which then downloads a fully-featured backdoor and а Trojan spy," said Vyacheslav Zakorzhevsky, head of Kaspersky's Vulnerability Research Group.
	"The program goes on to steal passwords from popular email clients and grabs log-ins and passwords from the web-forms of popular social-email services."
	Apple is now blocking the use of older versions of Flash on its Safari web browser.
The firm introduced a "sandbox" feature to its Mavericks operating system in October that stops the Flash plug-in from running automatically. Users must first give it permission to activate and Apple can also disable the software remotely.	The firm introduced a "sandbox" feature to its Mavericks operating system in October that stops the Flash plug-in from running automatically. Users must first give it permission to activate and Apple can also disable the software remotely.
Adobe had previously worked with Google, Microsoft and Mozilla to offer similar protective measures.	Adobe had previously worked with Google, Microsoft and Mozilla to offer similar protective measures.
Adobe notes that users of Chrome, Internet Explorer 10 and Internet Explorer 11 should all see their browsers automatically update themselves to include the latest version of Flash.	Adobe notes that users of Chrome, Internet Explorer 10 and Internet Explorer 11 should all see their browsers automatically update themselves to include the latest version of Flash.
"This latest Flash 'zero-day' serves as a good reminder of the reasons security professionals urge users to enable browser plug-ins only when necessary," said Craig Young, a researcher at security firm Tripwire.	"This latest Flash 'zero-day' serves as a good reminder of the reasons security professionals urge users to enable browser plug-ins only when necessary," said Craig Young, a researcher at security firm Tripwire.
"It is important to note that browsers such as Chrome and Internet Explorer have Adobe's Flash technology 'baked in' making it necessary to explicitly disable it when not needed."	"It is important to note that browsers such as Chrome and Internet Explorer have Adobe's Flash technology 'baked in' making it necessary to explicitly disable it when not needed."
Video games	Video games
Although many websites still use Flash to provide videos, graphics, games and other content, large numbers of developers have switched to using the web language HTML 5 to create such effects.	Although many websites still use Flash to provide videos, graphics, games and other content, large numbers of developers have switched to using the web language HTML 5 to create such effects.
This has been spurred on by the fact that Flash is not supported on Apple's iOS platform and has been pulled from Google's Android Play store.	This has been spurred on by the fact that Flash is not supported on Apple's iOS platform and has been pulled from Google's Android Play store.
Adobe itself acknowledged in 2011 that HTML 5 offered the "best solution" for mobile devices because it was universally supported.	Adobe itself acknowledged in 2011 that HTML 5 offered the "best solution" for mobile devices because it was universally supported.
However, it continues to develop the software for PCs, suggesting it can deliver smoother animations and higher-quality 3D video games graphics than alternative technologies.	However, it continues to develop the software for PCs, suggesting it can deliver smoother animations and higher-quality 3D video games graphics than alternative technologies.