Adobe recently released an emergency update for Flash Player on all platforms after two zero-day bugs were discovered in the wild targeting Windows and Mac OS X computers. The vulnerabilities allowed hackers to hijack both Windows PCs and Macs. Adobe recommends all users to update their systems as soon as possible.
The first vulnerability, CVE-2013-0633, tricks users into downloading a Microsoft Word document sent via e-mail. As you might expect, the document contains malicious SWF (flash’s file extension) content that can then infect a user’s system. This exploit targets the ActiveX version of Flash Player for Windows, Adobe said.
The second exploit, CVE-2013-0634, targets Firefox and Safari users on Mac OS X by directing users to Websites containing malicious Flash content. This vulnerability is also being used against Windows users in a similar manner to the first exploit. Namely, malicious documents delivered via e-mail.
So there’s nothing new here in terms of malware delivery, but you should update your Flash Player software as soon as possible if it isn’t set to update automatically. Even though the newly patched weaknesses target Mac and Windows users, Adobe has also released updates for Flash Player on Linux and all versions of Android from 2.X to 4.X (basically, everyone running Flash on Android).
Checking to make sure you’ve got the latest updates to Flash Player these days is not easy task, as a single system can have several different versions. Windows 8 users, for example, will have Flash built-in to Internet Explorer and will receive their updates via Windows Update. But you may also have Chrome, which has its own built-in version of Chrome, while Firefox uses the generic version of Flash.
The easiest way to figure out your Flash situation is to visit the Flash about page on Adobe’s Website. If you see an animation at the top of the page, that means you have Flash installed in your browser. Underneath the animation, you’ll see a little box dubbed “Version Information” telling you which version of Flash you currently have. Compare that number to the chart right below the version information box to make sure you’re up to date.
Most users should have Flash configured for automatic updates, but if you need to manually update Flash Player here’s how to get it done on Windows and OS X.
Windows 8 users need to open Windows Update by pressing the Windows Key + C to open the Charms Bar. Next, click the search icon at the top and type “update.” Next, click “Settings” right below the text entry box and then select “Check for updates” in the main window.
The easiest way for Windows 7 users to get the update is to go the Flash Player Download Center and download the update. Windows 8 users needing to manually update another browser such as Firefox can also download updates directly from Adobe. Chrome users receive updates automatically in the background.
Mac OS X users who need to manually update should open System Preferences and tap on the Flash Player icon in the “Other” section. Once the Flash Player preferences open, click on the ‘Advanced’ tab and then the “Check Now” button.
Windows users have more security update action to look forward to this coming Tuesday, which is Microsoft’s monthly patch Tuesday. The software maker on Thursday said it will release 12 patches for 57 vulnerabilities affecting users running Windows XP, Windows 7, and Window 8 systems.