Adobe announced an update to Flash on Tuesday that could stop hackers from stealing information via cookies.
The update applies to Flash 14.0.0.125 or earlier versions on Macs and PCs, meaning users should update to 14.0.0.145. Those who are unable to update to the current version can download Flash 13.0.0.231 here.
The Adobe announcement did not detail what the possible risks are, but Google security engineer Michele Spagnuolo explained on her blog that the flaw allows hackers to collect cookies from certain websites using Flash, thereby exposing user data.
The attack has the potential to be nasty, but Spagnuolo noted that many of the at-risk sites, including Google and YouTube, quickly responded to the attack by updating their software. Other sites in danger include Twitter, Tumblr and Instagram, all three of which have since fixed their sites.
But Flash users may not be out of the woods quite yet. Based on Spagnuolo's research into the issue, any website that uses JSON with padding is at risk. She suggests that site developers "avoid using JSONP on sensitive domains." Updating the versions of Flash running on their machines should also help further protect users.
Microsoft also issued several updates Tuesday regarding susceptible spots on Windows and Internet Explorer platforms.