Adobe fixes critical vulnerabilities in Flash and Shockwave Player

Posted 13 June 2017 17:39 CEST by Jan Willem Aldershoff

Adobe has patched several vulnerabilities in its Flash and Shockwave Player that in the the worst case allow an attacker to take full control over the computer. There are no indications the vulnerabilities have been actively attacked before the updates were released, according to Adobe.

In total 9 vulnerabilities in Adobe Flash have been marked as critical. Visiting a malcious or hacked website, viewing a malcious advertisement or opening a Microsoft Office file with an embedded Flash object was sufficient to infect users with malware.

Adobe advises Mac and Windows users to update to Flash Player 26.0.0.126 within 72 hours. This can be done through the automatic update function on Adobe.com. Linux users can install the update when suitable. Adobe bases this advice on experiences in the past and the likelihood that Flash Player on a specific OS is attacked.

In case of Google Chrome, Internet Explorer 11 on Windows 8.1, and Internet Explorer 11 and Edge on Windows 10, the embedded Flash Player will be upgraded through the browser. Through a page on the Adobe website it’s possible to check which version is currently installed.

Adobe has stated it’s unaware of attacks that exploit the patched vulnerabilities.

Besides the patches for Adobe Flash Player, also a security update for Adobe’s Shockwave Player has appeared. The browser plugin is installed on more than 450 million PCs, according to Adobe’s website. The update resolves a vulnerability that, in the worst case, allows an attacker to take full control over the system, similar to several vulnerabilities in Flash Player.

Because Adobe expects that cybercriminals will not soon exploit the vulnerability, the company advises to install the patch within 30 days. In contrary to Flash Player, the ShockWave Player doesn’t feature an automatic update function, which means users have to manually download and update to the version 12.2.9.199.



Myce.com settings

Several settings at Myce.com can be changed, they are stored in cookies, which means they will be reset if you clear Myce.com cookies

Background

Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here

Layout

Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page

×