Yet another critical security flaw has been found in Adobe’s notoriously sieve-like Flash plug-in, this time by Google engineer Michele Spagnuolo. His exploit tool, called “Rosetta Flash,” is just a proof of concept, but it could allow hackers to steal your cookies and other data using malicious Flash .SWF files. The exploit is well known in the security community, but had been left unfixed until now because nobody had found a way to harness it for evil.

So how does this affect you? Many companies like Twitter, Microsoft, Google and Instagram have already patched their sites, but beware of others that may still be vulnerable. Adobe now has a fix, and if you use Chrome or Internet Explorer 10 or 11, your browser should automatically update soon with the latest version of Flash, 220.127.116.11 (check your version here). However, if you have a browser like Firefox, you may want to grab the latest Flash version from Adobe directly (watch out for unwanted add-ons with pre-checked boxes). Finally, if you use apps like Tweetdeck or Pandora, you’ll need to update Adobe AIR; that should happen automatically, but the latest version is 18.104.22.168 for Windows, Mac and Android.
Via: Krebs on Security