Update addresses a recently-identified Adobe Flash Player web plug-in vulnerability

Apr 9, 2014 11:58 GMT

A support document on Apple’s website reveals that old versions of Adobe Flash Player are vulnerable to hacker attacks and that customers should download and install the newest version of the platform as soon as possible.

“Adobe Flash Player updates are available that address a recently-identified Adobe Flash Player web plug-in vulnerability,” Apple says.

Windows and Mac users received version 13.0.0.182, while Linux users got Flash Player 11.2.202.350 following the discovery of four critical vulnerabilities in the software.

Adobe’s advisory states that the Photoshop maker “has released security updates for Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.346 and earlier versions for Linux.”

“These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions,” the company adds.

In the Macintosh camp, Apple tells its faithful customers that “If the version of Adobe Flash plug-in you are using is out of date, you may see the message, ‘Blocked plug-in,’ ‘Flash Security Alert’ or ‘Flash out-of-date’ when attempting to view Flash content in Safari.”

If that happens, customers who click the indicator will see an alert that states, “Adobe Flash Player is out-of-date,” which suggests that the customer is forced to download and install the latest version of the Flash Player plug-in.

Apple then outlines the following steps so that Mac users can be sure they downloaded the absolute newest version of the player. Safari customers are also instructed how to turn on “unsafe mode,” should they need to use an older (non-patched) version of the software.

“1. Click the Download Flash button.
2. Safari opens Adobe Flash Player installer page on the Adobe website.
3. Click the Download now button on the Adobe website to download the latest Adobe Flash Player installer.
4. After the download completes, open the downloaded disk image (usually located in your Downloads folder) if it does not open automatically.
5. In the window that appears, open the installer and follow the onscreen instructions.

Note: If you need to run an older version of Flash, you can use web plug-in management to re-enable it for specific websites using ‘Run in Unsafe Mode’ in Safari 6.1 or later.”

According to NIST’s National Vulnerability Database, one of the flaws allows remote attackers to execute code and bypass a sandbox protection mechanism, while a use-after-free bug could also be exploited for arbitrary code execution. The latter vulnerability was reported by VUPEN at the Pwn2Own hacking contest last month.