New Adobe Flash bug allows hackers to take over your computer, update Flash to v11.3.300.271 to be safe

Adobe has released an out-of-the-blue security bulletin stating that a bug in Adobe Flash is being exploited by hackers and could potentially allow attackers to take over computers. The attack vector is malicious Microsoft Word documents that exploit the ActiveX version of Flash Player in Internet Explorer on Windows. According to Adobe, this vulnerability “could cause the application to crash and potentially allow an attacker to take control of the affected system”.

Adobe was notified about this security exploit by two unnamed researchers and has since issued a patch to plug the bug. While the exploit appears to be on Windows only, the Flash update is being issued cross-platform for Windows, Linux, and Mac OS X. Anyone who wants to stay safe from this bug should immediately update Flash Player to v11.3.300.271. Updates will be pushed by Adobe via the automatic updating feature in Flash Player, or users can update manually by downloading the latest version of Flash Player from Adobe’s website.

Although the Adobe Flash bug isn’t Microsoft’s fault despite Word being the delivery vehicle, Microsoft itself issued updates on Patch Tuesday that addressed 26 vulnerabilities, some of them being in Microsoft Office. No wonder Apple users like to laugh at us.

[via ArsTechnica | Image credit: marcopako]

  • john

    Have they straightened out the glitch between this and Sandboxie yet?

  • chuck (detailer)

    @sl0j0n: Well, it is dead for Android as of JB - that’s a start

  • sl0j0n

    Hello, Ashraf.
    Thanks for this, sorry I’m late to the party.
    BTW, *this* is ‘why’ “flash” needs to DIE!, DIE! DIE!
    It’s been a near-constant source of aggravation, since win95 days.
    We can only hope that, soon,
    flash will “exist” only on some goober’s ‘nostalgic’ “this-is-the-way-things-were” webarchive.
    [Maybe that’s a new word, a?]

    Have a GREAT day, neighbor!

  • My Trend Micro flagged this download as malicious ware

  • chuck

    Zemana AntiLogger says the newest Flash is logging keystrokes!! WTF!!

  • chuck

    @DoktorThomas: That’s why the very first thing I do is disable auto updates in Windows. I have one rig running box stock XP SP2 w/ no updates - it’s infection free for 4 years and the fastest rig in the house, including my 7’s

  • DoktorThomas

    @Mike: Endless updates on PCs is a MSFT coding problem. They keep piling on bloat hoping for the best. They need to try innovation: an OS without IE is a start.

  • DoktorThomas

    All scripts disabled on 13 of my 15 PCs. Stopping Adobe Flash saves hours of worthless advertising… not to mention load time.

  • oldtimer3

    @BarrysCool:
    What, there is other browsers?

  • J_L

    Apple users laugh? Ha! With Macs clearly ripping you off in both hardware and software, PC users are the ones laughing (especially with the zero cost of Linux).

    The only reason Macs aren’t in much danger right now is obscurity, hackers can crack it even easier than Windows.

  • beatle

    @Mike:

    You are absolutely right. A previous recent Flash update was causing stability problems according to news at Major Geeks, and I’ve not updated since then.

    My main reason for having a PC is for gaming. However I find myself spending more time now trying to keep the PC stable, protected and up to date, which means I need to keep informed about dangers such as this. No wonder so many people use Linux to browse and consoles for gaming.

  • Mike

    @BarrysCool: Thanks for that reminder! I don’t know about the rest of you, but I can’t keep up with constant app. updates. The computer is supposed to help me, not be a newest and time-consuming maintenance project …

  • BarrysCool

    Adobe Flash is already built into Chrome and automatically updated by Google. So for all of you that use Chrome, no worries.

  • AFPhys

    “attack vector is malicious Microsoft Word documents that exploit the ActiveX version of Flash Player in Internet Explorer on Windows”

    Since I use Libre Office, have ActiveX disabled, and virtually eliminated IE on my machines — I think I can safely continue to override FP’s insistence that it be updated…

    Typically I keep Flash disabled, too, enabling it only for the few videos I need to watch each week.

    I sure will be happy when I can watch videos with some other player…

  • chuck

    2 versions ago (.265?), Zemana AntiLogger threw a flag that Flash was logging my keystrokes.
    I contacted Support, who forwarded my inquiry to Tech, but never heard back.
    Not a FP after all?

  • Ashraf

    @hatman: You are welcome!

  • hatman

    Thanks for the article Ashraf.