Adobe has taken care of some “critical vulnerabilities that could potentially allow an attacker to take control of the affected system”, and it released Flash Player version 24.0.0.221 that’s available for Mac, Windows, Linux, and Chrome OS.
Users who have Flash Player version 24.0.0.194 or earlier installed on their Macs are advised to immediately download the latest version of the software using its built-in update mechanism. However, the update can be also downloaded from the Adobe Flash Player Download Center. But, it’s important to enable the option to “allow Adobe to install updates”, because every time Adobe will bring a new update for its Flash Player, it will be automatically downloaded.
Mac users who have installed Google Chrome will automatically receive Flash Player version 24.0.0.221, but in order to verify if the browser is up-to-date, it’s recommendable to head to the Tools menu and select About Google Chrome.
The critical vulnerabilities fixed by Adobe have to do with memory corruption, integer overflow, heap buffer overflow, type confusion, and other use-after-free vulnerabilities that hackers could exploit and which could lead to code execution. These vulnerabilities have surfaced a while ago, being reported by security researchers from Google, Microsoft, Palo Alto Networks, and Trend Micro.
If you use Safari browser, Flash is deactivated by default, so you will need to turn on the plug-in when necessary. The rest of web browsers have also plug-in safeguards because of previously found security risks, and Adobe doesn’t seem to find a solution to its problems, no matter how many updates it releases for its Flash Player.
Back in 2010, Apple co-founder Steve Jobs said that the company should focus on HTML5 and ditch Adobe Flash because it was “the number one reason Macs crash”. He even criticized the performance of Adobe Flash on mobile devices, saying that “Flash was created during the PC era – for PCs and mice”.
Leave a Reply