Do you watch a lot of online video or play interactive web games? Perhaps your organization uses rich, interactive web-based business applications? In either case, you’ve probably installed Adobe Flash, along with the 500 million other device holders who use it. In this case, you better update Flash as soon as you can.
During Microsoft Patch day, Adobe released a security bulletin describing 18 vulnerabilities in the popular rich media web plug-in. There’s no point in covering the flaws individually, as the majority of them share the same scope and impact. In short, most of the flaws involve memory corruption issues that a smart attacker could leverage to execute code on your PC. The attacker would only have to entice you to a web site containing malicious code. In other words, most of them help attackers setup drive-by download attacks.
Though it doesn’t appear attackers are exploiting any of these flaws in the wild yet, Adobe rates there severity a “Priority 1” for Windows and Mac users. This means you should patch within 72 hours. If you use Flash, go get the latest version, and check out Adobe’s security bulletin if you’d like more details. — Corey Nachreiner, CISSP (@SecAdept)