01.Browser update critical
Adobe has released a critical security update for Adobe Flash Player patching a flaw that could allow hackers to steal login details for some of the world's most popular social media websites, including eBay, Twitter, Google, Instagram and Tumblr.
Google and Twitter have acted quickly to address the vulnerability when it was exposed. Users of those sites will still need to check if they need to update their browsers themselves.
The Flash update applies to all browsers on computers running Windows, Mac and Linux operating systems. However, some browsers may automatically install the update, while others need to be updated manually. Firefox, Opera, Safari and version 9 (or earlier) of Internet Explorer will need to download and install the latest version (126.96.36.199) of Flash themselves from the Adobe website. Chrome and Internet Explorer build Flash into the browser and so it is updated automatically whenever a new version is released.
The bug has been known for some time, but it wasn’t until a vulnerability tool named Rosetta Flash was revealed, that a patch was released. It was exposed by Google engineer Michele Spagnuolo, who alerted Google first and then other sites. If someone visits certain malicious websites (though none have been identified), hackers could theoretically access the authentication cookies stored in a browser that are used on sites such as eBay, Twitter, Tumblr and many others, thus potentially giving them login details.