Yesterday it was Internet Explorer, and now Adobe Flash has a ‘zero day’ security exploit. It was discovered by Kaspersky Labs, and confirmed by Adobe, which has issued a patch. The vulnerability is found in a Flash component called Pixel Bender, which handles video and image processing.
The attacks originated from a Syrian Ministry of Justice site, and are the latest examples of security vulnerabilities being exploited by governments. Stuxnet, Flame, and Red October were all state sponsored attacks, and the United States’ NSA was rumored to know about and be exploiting the Heartbleed bug before it was exposed.
While the exploit could affect all Flash users, Kaspersky said it is sure that the attacks from the Syrian Ministry of Justice were aimed at a ‘very specific group of users’. However, now the exploit has been exposed and Adobe has patched it, users are advised to update as soon as possible.
If you use IE 10 or 11 on Windows 8, the update will arrive automatically, but they sometimes take hours to be delivered. You can update Flash manually if you’re worried about the potential security risk. If you use Firefox on Windows, you have update Flash for Firefox and Internet Explorer separately.
Download or update Flash here.