When it comes to security and safety, Adobe’s Flash is not the most secure piece of software around. Over the years Flash has had many notable security flaws exploited, and a report from Krebson Security on July 9 suggests that there is yet another critical security flaw within the software.
A Google Engineer by the name of Michele Spagnuolo created a proof of concept exploit tool called “Rosetta Flash”. The exploit tool has brought to light a security snafu that could easily allow hackers to steal cookies and other data by simply using malicious Flash .SWF files.
The hardest part of believe about this new exploit is that it is not a new exploit at all, in fact security communities around the world have known about the flaw for quite some time, but the powers that be decided not to issue a fix until someone figured out how to use the exploit.
The “Rosetta Flash” exploit tool has rocked the flash world, and it has made companies such as Microsoft, Twitter, Google, and Instagram spring in to action. Users of the services provided by these companies can rest easy at night knowing that they have already fixed the issue, but that does not mean that other services are safe.
If you use either Chrome or Internet Explorer, your browser will automatically update to the latest version of Flash, 188.8.131.52, however if you use Firefox you will have to download the update manually from Adobe's website. If you want to make absolutely sure that you are using the latest version of the troubled software, visit the official Adobe site here, and the current version of Flash installed on your computer will be displayed.
Adobe has issued a fix for the issue, and any developers who have used Flash in their software have been urged to update their programs immediately. If you use programs such as Tweetdeck, or Pandora you will also need to grab the latest version of Adobe Air just to be on the safe side. The latest version of Adobe Air is 184.108.40.206.
There is no doubt that Adobe Flash has been a great piece of software over the years, but with the frequent security issues, and the emergence of HTML 5, it looks as though its days could be numbered. Make sure you are running the latest version, and do not install any files that you are unsure of.