Technology giants Adobe, Microsoft Tuesday each released security updates and issued an upgrade for Flash Player and for Acrobat/Reader. Microsoft discharged only four updates to connect around 15 security gaps to Windows and related programming.
From now and into the foreseeable future, a portion of the information focuses right now in the individual overhauls will be lumped into a “Security Updates Guide” distributed with every Patch Tuesday.
Windows clients and any other person with Flash introduced should ensure that Adobe Flash Player is upgraded (or reasonably beat, more on that in a bit). Adobe’s Flash overhaul addresses 13 imperfections in the generally introduced program module. The fix conveys Flash to v. 24.0.0.194 for Windows, Mac and Linux clients alike.
If you have Flash installed, you should update, hobble or remove Flash as soon as possible. To see which version of Flash your browser may have installed, check out this page.
The most recent versions of Flash should be available from the Flash home page. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).
My version of Chrome says it’s the latest one (55.0.2883.87) but the Chrome Releases blog says the latest stable version — 55.0.2883.105 includes the Flash fixes (among other security fixes for Chrome), which isn’t yet being offered. Adobe’s Web site tells me my Flash version is 24.0.0.186 (not the latest).
An extremely powerful and buggy program that binds itself to the browser, Flash is a favourite target of attackers and malware. For some ideas about how to hobble or do without Flash (as well as slightly less radical solutions) check out A Month Without Adobe Flash Player.
When in doubt with Chrome, click the vertical three dot icon to the right of the URL bar, select “Help,” then “About Chrome”: If there is an update available, Chrome should install it then. In either case, be sure to restart the browser after installing an update (if it doesn’t do that for you).
The Evasive Panda group deployed a new C# framework named CloudScout to target a Taiwanese…
Researchers warn of ongoing spear-phishing attacks by Russian threat actor Midnight Blizzard targeting individuals in…
The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215 against…
Researchers have identified a network of compromised devices, CovertNetwork-1658, used by Chinese threat actors to…
A security researcher discovered a vulnerability in Windows theme files in the previous year, which…
The ongoing Meta malvertising campaign, active for over a month, employs an evolving strategy to…