>the laziest blog on earth...contact me: mudwerks AT gmail DOT com
ALL MY SONGS!...
AVAILABLE NOW on bandcamp!
(via xkcd: All Adobe Updates)
Adobe Systems has released a patch for two Flash player vulnerabilities that are being actively exploited online to surreptitiously install malware, one in attacks that target users of Apple’s Macintosh platform.
While Flash versions for OS X and Windows are the only ones reported to be under attack, Thursday’s unscheduled release is available for Linux and Android devices as well. Users of all affected operating systems should install the update as soon as possible.
The Mac exploits target users of the Safari browser included in Apple’s OS X, as well as those using Mozilla’s Firefox. That vulnerability, cataloged as CVE-2013-0634, is also being used in exploits that trick Windows users into opening booby-trapped Microsoft Word documents that contain malicious Flash content, Adobe said in an advisory. Adobe credited members of the Shadowserver Foundation, Lockheed Martin’s Computer Incident Response Team, and MITRE with discovery of the critical bug.
The other bug under attack, CVE-2013-0633, also works by tricking Windows users into opening a Word document containing malicious Flash content. It was discovered by researchers from antivirus provider Kaspersky Lab…
Adobe has released an emergency update for its Flash Player that fixes a security bug that’s being actively exploited to hijack Windows computers running the ubiquitous software.
The “object confusion vulnerability” resides in all Flash versions, including those for devices running Mac OS X, Linux, Google’s Android OS, and Windows, Adobe said in an advisory published Friday. The bug “is being exploited in the wild in active targeted attacks designed to trick the users into clicking on a malicious file delivered in an e-mail message,” it went on to say, citing reports received from Microsoft. The exploits target Flash on Internet Explorer for Windows only.
While attacks are limited to Windows users and appear to be highly selective in who is targeted, people running other systems, particularly Macs, should install the security fix immediately. As the 600,000 or so Mac-using victims of the Flashback malware learned last month, Apple’s OS X is becoming a viable target now that its market share has risen to levels that make it worth an attacker’s time. The experience shows that determined hackers can exploit any unpatched platform and that complacency about installing updates is one of the biggest obstacles to securing a system.
Those running Flash Player 11.2.202.233 and earlier on Windows, Mac, and Linux; versions 11.1.115.7 or earlier on Android 4.x; and versions 11.1.111.8 on Android 3.x and 2.x should update at once. To find out what Flash version a device uses, users can visit this link. Adobe still hasn’t made its patching system as simple as it needs to be for it to be widely used, but it’s getting better. Windows users now have the ability to receive updates relatively seamlessly, and a separate version of Flash for Google’s Chrome browser for all operating systems also updates automatically. Those on other platforms still must manually install fixes.
Users can download the updates here, except for Android users, who must get them from Google Play.
Adobe rushed out a security update to its Flash Playeron March 6, ahead of the company’s normal release on the second Tuesday of the month. The fix is for a critical flaw in Flash that could “cause a crash and potentially allow an attacker to take control of the system.”
The vulnerability, discovered by Tavis Ormandy and Fermin Serna of Google’s security team, affects Flash players on Windows, Mac OS X, Linux, and Solaris operating systems, as well as Google Chrome and Android. It takes advantage of a bug in Flash’sMatrix3D class, which could allow an attacker to corrupt system memory. That could allow the attacker to inject and execute code on a targeted system, gaining control of it.
Amazon has promised a major over-the-air update for the Kindle Fire in the next two weeks, according to the New York Times. The update will fix some of the device’s major flaws, including poor performance and the inability to edit the “carousel” of recently viewed items to remove embarrassing or useless icons.
The Kindle Fire has received mixed reviews since its launch on November 14. In our own review, we faulted the Fire for inconsistency in touchscreen responsiveness, slow loading speeds, frustrating keyboard, and lack of security controls, among other things. While the device had some net positive reviews, usability expert Jakob Nielsen told the NYT in an interview that the Kindle Fire has a “disappointingly poor” usage experience, and he could not recommend buying it…
[I really like it - despite the flaws…]
