Flash Player Vulnerability Comes Again, Threatens Millions of Users

2014-07-10

Adobe released a critical update for Flash Player this Tuesday. It patches a serious vulnerability that could allow hackers to pilfer users’ authentication cookies stored in the browser by vulnerable sites such as eBay, Instagram, and Twitter.

The update includes additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs. Chrome, Internet Explorer 10 (IE10) and IE11 will update automatically to the latest version, which will prevent the potential credential-stealing attack. Those who rely on Safari, pre-IE10 editions of IE, Firefox or other browsers should go to the Adobe website to download the latest version of Flash.

According to a recent blog post by Google security engineer Michele Spagnuolo, the attack tool, dubbed Rosetta Flash, can translate a regular “Shockwave file” (.SWF) Flash file into standard alphanumeric characters to bypass the typical restrictions websites place on JSONP callbacks. The user's authentication cookie could then be easily reached by hackers.

Many of the affected websites have already worked to fix the error on their sites, according to Spagnuolo. So far, the vulnerability has not had a huge impact, but Baidu Antivirus experts still strongly recommend that you update your Adobe Flash Player ASAP!
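What a site-side fix for a JSONP endpoint can look like, as an added example that is not from the article or from any affected site. It shows why a character allowlist on the callback name does not stop an alphanumeric payload, next to a hardened response. The function names, the sample value, and the choice of mitigations (fixed body prefix, `nosniff`, download disposition) are assumptions, since the article does not describe the sites' fixes.

```javascript
// Added example: JSONP response hardening. All names here are hypothetical.

// Typical restriction: callback limited to identifier characters, length-capped.
// A purely alphanumeric payload still satisfies it, which is the gap described above.
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$.]{0,63}$/;

// SWF signatures: FWS (uncompressed), CWS (zlib-compressed), ZWS (LZMA-compressed).
const SWF_MAGIC = ["FWS", "CWS", "ZWS"];

// True when a response body begins with bytes a plugin could read as an SWF header.
function startsLikeSwf(body) {
  return SWF_MAGIC.includes(body.slice(0, 3));
}

// Weak form: the caller-supplied callback is the first thing in the response body.
function weakJsonp(callback, data) {
  if (!CALLBACK_RE.test(callback)) throw new Error("invalid callback");
  return {
    headers: { "Content-Type": "application/javascript" },
    body: `${callback}(${JSON.stringify(data)})`,
  };
}

// Hardened form: a fixed comment prefix keeps caller-controlled bytes away from
// offset 0, and the headers tell the browser not to sniff or render the response.
function hardenedJsonp(callback, data) {
  if (!CALLBACK_RE.test(callback)) throw new Error("invalid callback");
  return {
    headers: {
      "Content-Type": "application/javascript; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
      "Content-Disposition": 'attachment; filename="f.txt"',
    },
    body: `/**/${callback}(${JSON.stringify(data)})`,
  };
}

// Constructed sample: begins like a compressed SWF signature but is not a real file.
const sampleCallback = "CWSexampleAlphanumericValue0123";
```

With the constructed callback, the weak response body starts with an SWF signature while the hardened one starts with `/**/`.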