Adobe Flash Player updated to combat "critical" security vulnerability
Adobe released an update for the Adobe Flash Player earlier this week to rectify a zero-day exploit being employed as part of the long-running cyber-espionage campaign known as "Pawn Storm." Unfortunately, as determined by Trend Micro and confirmed by Adobe in a follow-up security bulletin, that update failed to correct the problem, and so another update has been released today.
The new update addresses "critical" vulnerabilities in the Flash Player, which "if exploited would allow malicious native-code to execute, potentially without a user being aware," according to Adobe's severity ratings. This could result in PCs being crashed or even taken over by remote attackers.
The good news, such as it is, is that the exploit is being used in "limited, targeted attacks," according to the security bulletin. Trend Micro said essentially the same thing on its blog, noting that Pawn Storm attacks appear to be contained to international government agencies, specifically against "several foreign affairs ministries from around the globe."
Even so, this is pretty clearly another nail in Flash's coffin. It's on the way out anyway, and security holes like this are sooner or later bound to become less about making sure that Flash is up to date, and more about wondering why you're bothering with it in the first place.
There's plenty to read about it if cyber-security is your thing. If, on the other hand, you just want to ensure that your PC doesn't get dicked around by some jerk on the other side of the planet, you can simply grab the latest update and carry on with your day. Either way, it's something you'll want to get on with as soon as possible.
Thanks, Ars Technica.
The biggest gaming news, reviews and hardware deals
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.