How many times has Adobe Flash had to be updated on your computer with a new security patch?
Probably more times than you can count, right?
Well, let me make the question easier. How many times has Adobe Flash had to be updated on your computer this month?
The (perhaps surprising) answer is three. And let’s not forget that February is the shortest month of the year.
Adobe has published a security bulletin telling users that they need to patch their Flash installations once again (the security updates issued previously on February 7th and February 12th aren’t sufficient) to protect themselves against “targeted attacks” that are being “exploited in the wild”.
Once again, the vulnerability isn’t fussed about what operating system you run on your computer – so Windows, OS X and Linux users are all potentially in the firing line.
Here is the executive summary from Adobe:
Adobe has released security updates for Adobe Flash Player 11.6.602.168 and earlier versions for Windows, Adobe Flash Player 11.6.602.167 and earlier versions for Macintosh, and Adobe Flash Player 22.214.171.1240 and earlier versions for Linux. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in targeted attacks designed to trick the user into clicking a link which directs to a website serving malicious Flash (SWF) content. The exploit for CVE-2013-0643 and CVE-2013-0648 is designed to target the Firefox browser.
More information, and a series of links to downloads (if your installation does not grab the update automatically), is available in Adobe Security Bulletin APSB-1308.
If you run Chrome or Internet Explorer 10 for Windows 8, then you should be automagically running the latest version of Adobe Flash. Similarly, if you have told Adobe Flash to automatically keep itself up-to-date you should be updated shortly.
At the time of writing, the latest version of Adobe Flash Player is 11.6.602.171 (on Linux it is 126.96.36.1993). But bear in mind that February isn’t quite over yet…