flashicon.jpgAdobe today released a second security update for its Adobe Flash Player software on both Mac and Windows, addressing a threat that could allow an attacker to take control of an affected system, executing malicious code. The vulnerability (CVE–2014–0502) allowed attackers to compromise at least three nonprofit organizations according to security firm FireEye (via ArsTechnica).

This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues. The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.

This actor also has early access to a number of zero-day exploits, including Flash and Java, and deploys a variety of malware families on compromised systems. Based on these and other observations, we conclude that this actor has the tradecraft abilities and resources to remain a credible threat in at least the mid-term.

Today's update follows a critical security update that was released just over two weeks ago, fixing the same zero-day vulnerability giving hackers complete control over compromised systems.

The vulnerability affects all Macs with Adobe Flash Player versions before 12.0.0.70 and Adobe recommends all users update their products to the latest of Flash. Adobe maintains a site where users can check the version of Flash installed and the up-to-date Flash software can be downloaded from Adobe's website.

Top Rated Comments

tokolo Avatar
tokolo
128 months ago
Just kill the damn thing Adobe.
Score: 25 Votes (Like | Disagree)
BigBeast Avatar
BigBeast
128 months ago
A secure platform wouldn't need these emergency updates.
Let me know when you write a program that spans millions of lines of code that you think is completely logically sound. Next, upload it and let thousands of people debug it. Afterward, try to determine where you messed up, and then go through all that code and figure out how to fix the error, followed by the one or more errors created due to the error you fixed. Have fun!
Score: 15 Votes (Like | Disagree)
nwcs Avatar
nwcs
128 months ago
I think I just heard the ghost of Steve Jobs say, "bag of hurt."
Score: 15 Votes (Like | Disagree)
musika Avatar
musika
128 months ago
A secure platform wouldn't need these emergency updates.
Score: 10 Votes (Like | Disagree)
Gudi Avatar
Gudi
128 months ago
I don't care about security. All I want from Flash is massively lowered CPU usage. :mad:
Score: 9 Votes (Like | Disagree)
akm3 Avatar
akm3
128 months ago
And what platform is (or even could be) secure?

Pong.
Score: 9 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 17

iOS 17.2 Will Add These 12 New Features to Your iPhone

Friday December 1, 2023 12:19 pm PST by
iOS 17.2 has been in beta testing for over a month, and it should be released to all users in a few more weeks. The software update includes many new features and changes for iPhones, including the dozen that we have highlighted below. iOS 17.2 is expected to be released to the public in mid-December. To learn about even more features coming in the update, check out our full list. Journal ...
Read Full Article
anker new xmas 1

Anker's Cyber Week Sale Enters Final Days With Up to 60% Off Sitewide

Friday December 1, 2023 12:05 pm PST by
Anker's Black Friday/Cyber Week event is entering its final days this weekend, and it's still offering up to 60 percent off sitewide. There are also a few "mystery boxes" that can include hundreds of dollars in savings, if you're willing to risk not knowing what you're buying ahead of time. All of these sales will end on December 3. Note: MacRumors is an affiliate partner with Anker. When you...
Read Full Article19 comments
General Apps Messages

Green Bubbles on iPhone to Gain These 7 New Features Next Year

Thursday November 30, 2023 9:00 am PST by
Earlier this month, Apple announced that it will finally support RCS in the Messages app on the iPhone starting later next year. This change will result in several improvements to the messaging experience between iPhones and Android devices. RCS will become the new default standard for messaging between iPhones and Android devices, but these conversations will still have green bubbles like...
Read Full Article
top stories 2dec2023

Top Stories: iOS 17.1.2 Released, NameDrop Misinformation, and More

Saturday December 2, 2023 6:00 am PST by
Apple employees are back to work following a Thanksgiving break, and that means this week saw a number of new operating system updates for both public release and beta testing. This week also saw some misinformation about Apple's new NameDrop feature making the rounds, while Apple and Goldman Sachs appear to be on the verge of a break-up in their Apple Card and savings account partnership,...
Read Full Article33 comments
instagram messenger

Instagram and Facebook Messenger Chats to Disconnect This Month

Tuesday December 5, 2023 1:57 am PST by
Meta has revealed plans to end Instagram users' ability to chat with Facebook accounts later this month, rolling back a feature that it introduced over three years ago. In September 2020, Meta (then Facebook) announced it was merging its Facebook Messenger service with Instagram direct messaging, allowing Instagram users to chat with Facebook users and vice versa using the same platform....
Read Full Article28 comments
iphone 5g mmwave

Apple's Work on 6G Connectivity Already Expanding

Monday December 4, 2023 7:00 am PST by
Apple's work on implementing 6G cellular connectivity on its devices appears to be ramping up, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman explained that Apple is increasingly turning its attention to 6G, even amid its widely reported difficulties developing a custom 5G cellular modem. In 2021, the first highly specific Apple job...
Read Full Article133 comments