Skip to main content

Adobe warns users to update in wake of ‘critical vulnerability’

adobe flash logo
Image used with permission by copyright holder
Adobe Flash Player is a piece of software that’s used by countless people every single day — and that makes it a clear-cut target for hackers. Yesterday, the company released a statement outlining an update released to counteract what it describes as a ‘critical vulnerability’.

Windows, Mac and Linux users who have Flash Player or related software installed on their computer are all thought to be at risk, although Adobe states that systems running Internet Explorer on Windows 7 and below and Firefox on Windows XP are thought to be the most likely to be affected.

The breach takes advantage of a vulnerability that Adobe is classifying as CVE-2015-3113. The company states that it is being ‘actively exploited’ at present, although the attacks are ‘limited’ in scope and have so far proven to be targeted rather than widespread.

It’s thought that hackers can use the CVE-2015-3113 vulnerability to take control of a user’s system for their own interests. It’s not yet clear what this is being used to accomplish, but anything from hijacking your webcam and microphone to installing a keylogger in an attempt to track personal information is very possible.

Adobe is encouraging all Windows and Mac users to upgrade to Adobe Flash Player 18.0.0.194, which has been released as a direct response to the issue, according to a report from 9to5Mac. Linux users should update the version 11.2.202.468.

Breaches like this can be very serious for users who are targeted, but typically following instructions from the developer and making sure you keep up with the latest software updates will ensure your system’s safety. For more information on how to make sure that you don’t fall victim to this vulnerability, check out Adobe’s Security Bulletin covering CVE-2015-3113.

Brad Jones
Former Digital Trends Contributor
Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more