Adobe has just released an update for Flash which you should download immediately.
Late Thursday June 10th Adobe released Flash Player 10.1. This fixes a bad exploit that is currently being used to install malware on computers. You need to visit the Adobe website and install this if you have not gotten the notice for the update from Flash itself yet. You should do this before you use your computer to visit any websites or even check your email.
This exploit this update fixes attempts to run Flash from an infected Adobe PDF file.
The infected PDF Flash content then installs malware on your computer. As most browsers are set to automatically open PDF files, this can happen just by clicking on a link that leads to such an infected PDF file on the internet (you may be tricked into clicking on it). The computer security industry refers this this exploit as “In the wild.” A bit Mission Impossible to me.
This is even more dangerous with the large numbers of websites recently hacked to install malware on visiting computers. One estimate stated that over 100,000 websites were hacked just in the early part of the week. The chances of you visiting one of these sites is fairly high. Hackers use blackhat SEO to make infected sites show up in search engines like Google and Bing for popular terms. They even use Twitter and Facebook to send people to these sites (often from hacked accounts that could be real friends of yours).
This exploit affect all operating systems!
Windows, Mac OS, Unix and Linux. Flash runs on nearly all computer systems. Everyone needs to update.
Visit Adobe.com immediately if you are unsure your Flash is updated!
You can click on the Adobe Flash button on that page. The direct link to download flash is : http://get.adobe.com/flashplayer/ You should do this right away. Although I suggest typing http://adobe.com directly in your browser to be completely safe (you never know if even this site could be hacked-but I think it’s safe). Uncheck the box to install any toolbar or additional software on the Install Adobe Flash Player page before you click the “Agree and Install Now” button.
This may not directly fix the associated exploit in Adobe Reader and Acrobat.
I do expect that this does help the situation in Reader and Acrobat a bit. I am not sure if Reader uses the system Flash Player or has it’s own. Reader and Acrobat updates are expected later this month yet to fix this exploit. You will still need to be very careful about opening PDF files and pages that are sent to you. I’ll be sure to post as soon as the Reader and Acrobat updates are available.
Panda Security announced that their software does detect this malware. You can click on the Panda Security button near the bottom right of this page for more info about Panda’s computer security products. I use it on my Windows computers.
Make sure you know when the other updates are available by subscribing to my newsletter. I won’t share your email with anyone and you’ll learn valuable stuff about keeping your computer safe. Put your name and email in the form with the big blue arrow near the top of the page.