Flash and PHP Both Have Security Holes That YOU Should Patch Now!
Security issues with Flash and PHP! Dewd! Patch as soon as possible!
“Adobe pushed an emergency patch Friday for its Flash Player to fix a flaw that’s being actively exploited to attack computers running Windows.
Meanwhile, software writers are still scrambling to fix a vulnerability, made public earlier this week, in PHP, a scripting language which is used widely to run servers on the Web, including those of Facebook.
The Adobe fix aims to cure an ‘object confusion vulnerability’ discovered in all versions of the player — Windows, Macintosh, Linux, and Android — but thus far has only been used to attack Windows systems using Microsoft’s browser software, Internet Explorer, according to a company bulletin on the subject.
When exploited, the defect could crash Flash Player and allow an attacker to take control of your computer.
Malware exploiting the vulnerability is being delivered in email messages containing an attachment. The email, though, is highly targeted, which means it’s directed at a limited number of individuals.
Adobe’s PDF file format has become a popular vehicle in recent times for delivering a malicious payload to a computer, according to John Harrison, a group product manager at Symantec. ‘The malicious attachments that are coming these days don’t include executables; they’re a PDF or [Microsoft] Office document,’ he told PCWorld.
‘Today,’ he adds, ‘PDFs are inherently more dangerous, in my opinion, than executables because you’re lulled into thinking you’re just looking at a document that has some text. You may be reading some text, but behind the scenes it’s really doing whatever an attacker wants.’
Adobe recommends that Windows, Macintosh and Linux users of Flash Player 18.104.22.168 or earlier, upgrade to the latest version of the program immediately.
The same should be done by users of Android 4.x using Flash Player 22.214.171.124 and Android 2.x and 3.x using version 126.96.36.199 of the software.”