Flash Just Patched a Huge Security Flaw, Go Update it Right Now

Illustration for article titled Flash Just Patched a Huge Security Flaw, Go Update it Right Now

Adobe just patched up a gaping security flaw that could affect anyone who logs on to eBay, Tumblr, Instagram, or other popular sites. If you're a person who visits any of those domains (or really, any website out there that might use Flash), you really should update your stuff right now.


Basically, the flaw—which security blogger Michele Spagnuolo says has been well known in the infosec community—made it possible for hackers to steal the cookies that authenticate returning users on sites like eBay, Twitter, Tumblr, and thousands more. Spagnuolo says that so far, no tools have been made public to exploit the fluke. Since there was no proof of concept that the exploit could work, "this led websites owners and even big players in the industry to postpone any mitigation until a credible proof of concept was provided," Spagnuolo says.

But Spagnuolo came up with a method that could sneak through this security gap, and in response, Adobe has put out an update protecting against the flaw. Spagnuolo says that Twitter, YouTube, and certain Google domains are protected thanks to recent updates, but Instagram, Tumblr, eBay, and Olark are still vulnerable.

So if you get a popup asking you to update Adobe in the next few days, don't ignore it. And if you use any of the above-mentioned sites, maybe keep a close eye on your accounts. Or, better yet, maybe try disabling Flash altogether. On today's internet, you'd be surprised how seldom you actually need it. [Michele Spagnuolo via Ars Technica]



Flash has been a leaking bucket since it was released. I don't think I've ever seen software that needed that frequent of an updating.

I've uninstalled it from all my personal machines for well over a year now, and I don't miss it at all. It's either that shit websites that still rely on it are places I don't visit anymore, or that HTML 5 is finally starting to catch up with more widespread use.