For the second time this month, Adobe has released an emergency update to its Flash Player software on OS X and Windows. What's wrong with it this time? Here's what the researchers who discovered the latest vulnerability had to say:
This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues. The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.
This actor also has early access to a number of zero-day exploits, including Flash and Java, and deploys a variety of malware families on compromised systems. Based on these and other observations, we conclude that this actor has the tradecraft abilities and resources to remain a credible threat in at least the mid-term.
Mac users can confirm what version they're running with this tool. The current, secure version (as of the time of this writing) is 18.104.22.168. Older versions put your system at risk. Users can manually download the latest version of Flash here.
In other news:
- A teenaged Jony Ive almost gave up on a career in industrial design, but was talked out of it by renowned designer Tom Karen.
- Apple has registered several more new generic top-level domains including apple.technology, ipad.technology, iphone.technology, and mac.technology.
- Google is launching 'Project Tango,' a 3D-Mapping smartphone containing "customized hardware and software designed to track the full 3D motion of the device, while simultaneously creating a map of the environment." And it looks awesome.