Adobe announced an update to Flash on Tuesday that could stop hackers from stealing information via cookies.
The
update applies to Flash 14.0.0.125 or earlier versions on Macs and PCs,
meaning users should update to 14.0.0.145. Those who are unable to
update to the current version can download Flash 13.0.0.231 here.
The
Adobe announcement did not detail the possible risks, but Google
security engineer Michele Spagnuolo explained on her blog that the flaw
allows hackers to collect cookies from certain websites using Flash,
thereby exposing user data.
The
attack has the potential to be nasty, but Spagnuolo noted that many of
the at-risk sites, including Google and YouTube, quickly responded to
the attack by updating their software. Other sites in danger include
Twitter, Tumblr and Instagram, all three of whom have since fixed their
sites.
But
Flash users may not be out of the woods quite yet. Based on Spagnuolo's
research into the issue, any website that uses JSON with padding is at
risk. She suggests that site developers "avoid using JSONP on sensitive
domains." Updating the versions of Flash running on their machines
should also help further protect users.
Microsoft also issued several updates Tuesday regarding susceptible spots on Windows and Internet Explorer.
Posted by : Gizmeon
No comments:
Post a Comment