OFFICIAL SECURITY BLOG

We’ve moved! You can now read the latest and greatest on Mac adware and malware at Malwarebytes.

Uninstall Adobe Shockwave immediately!

Posted on May 22nd, 2014 at 7:01 AM EST

Yesterday, Brian Krebs announced a shocking discovery: Adobe Shockwave Player includes an Adobe Flash Player component that has not received any security fixes since January 2013! This is a very serious security failure on Adobe’s part. I won’t be surprised if Apple blocks the current version of Shockwave, as they have done with vulnerable versions of Flash and Java in the past, but don’t wait for that to happen… remove Shockwave today!
Read the rest of this entry »

24 Comments

Adobe Flash Player security update released

Posted on April 29th, 2014 at 6:12 AM EST

Adobe has released an update to their Adobe Flash Player software, which evidently had a vulnerability that was actively being exploited on Windows. There is no indication that this was being exploited on Mac OS X, but since the vulnerability was present in Flash for Mac OS X as well, all Mac users who have Adobe Flash Player installed should immediately update.

Note that the only legitimate place to download Flash is from get.adobe.com/flashplayer, or by using Flash’s automatic update feature. Never install Flash by clicking a pop-up on a website that tells you Flash is outdated and needs to be updated!

9 Comments

Apple blocks Flash following security update

Posted on February 5th, 2014 at 9:36 AM EST

Apple has updated the XProtect security system in Mac OS X to block all versions of Adobe Flash Player prior to 12.0.0.44. This was done in response to a critical security update released by Adobe, fixing a vulnerability that was being exploited in the wild. Users of Chrome should have their Flash plugin updated automatically. Users of other browsers, with Flash installed in the system, may have Flash updated automatically or may need to install an update manually, depending on the settings.
Read the rest of this entry »

2 Comments

Brazilian internet service provider hacked

Posted on December 4th, 2013 at 9:33 AM EST

A few users on Apple’s support forums are reporting a problem where an Adobe Flash Player update notice pops up on most web sites. It now appears that the problem is affecting users of the Brazilian internet service provider (ISP) NET Virtua. Apparently, this was done through poisoning of their domain name servers (DNS). Such DNS poisoning attacks allow a hacker to direct requests for certain sites to a fake lookalike site, usually with the intent to harvest usernames and passwords.
Read the rest of this entry »

This post is more than 30 days old and has been locked. No further comments are allowed.

Adobe Flash updated following vulnerability

Posted on June 11th, 2013 at 9:24 PM EST

Adobe released an updated version of Flash Player today to fix a vulnerability that could allow an attacker to execute malicious code on a user’s system. Fortunately, there’s no Mac malware known to be taking advantage of this, and Apple will probably use their XProtect software to block vulnerable versions of Flash soon. Nonetheless, all users of Flash should update immediately. Those running Chrome will have its built-in copy of Flash updated automatically, and need not have Flash installed separately.

6 Comments

Adobe patches more Flash vulnerabilities

Posted on April 10th, 2013 at 6:49 AM EST

Adobe has released another Flash Player update to fix what they called “critical” vulnerabilities. Although no Mac malware is yet being installed through this hole, to my knowledge, it would still be wise to update as soon as possible. If you have not set Flash to update itself automatically, you can update it through the Flash pane of System Preferences, or can download the latest version from Adobe’s site.

6 Comments

New Flash vulnerability

Posted on February 26th, 2013 at 10:09 PM EST

Although it has not attained the same level of danger as Java, Flash is back in the news today due to vulnerabilities. Adobe has issued a Flash update, saying that the vulnerabilities fixed are currently being exploited in the wild. This patch is considered to be of the highest priority. All users of Flash are advised to update immediately.
Read the rest of this entry »

9 Comments

Critical Flash vulnerability exploited and fixed!

Posted on February 7th, 2013 at 10:20 PM EST

Adobe announced today the release of a Flash Player update, fixing a vulnerability that they say is being exploited “in the wild” to drop malware on Macs. To cite an important portion of Adobe’s announcement, “Adobe is […] aware of reports that CVE-2013-0634 is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform.”
Read the rest of this entry »

22 Comments

More Flash updates

Posted on August 23rd, 2012 at 7:15 AM EST

Adobe has released another Flash update, fixing more vulnerabilities. Although these vulnerabilities have not yet been exploited in the wild, to anyone’s knowledge, they could easily be at any time now. In addition, Apple has changed the minimum allowed version of Flash. Many Mac users will be seeing notices that their version of Flash is outdated and that the plug-in will be blocked until it is updated. Unfortunately, there are a number of reports that the self-updating features of Flash are not working properly. To update to the latest version of Flash, download and install it from Adobe’s site:

http://get.adobe.com/flashplayer

This post is more than 30 days old and has been locked. No further comments are allowed.

Adobe issues critical Flash Player update

Posted on August 17th, 2012 at 7:56 AM EST

Adobe had issued an update to their Flash Player plugin in response to a vulnerability that is being exploited “in the wild” by malware. That malware, apparently, can install as a drive-by download, thanks to a Flash Player vulnerability, in Internet Explorer on Windows. Although that malware cannot affect a Mac in any way, Mac users should install the update as soon as possible, to protect against the possibility of a future attack. Remember, once a vulnerability is publicized, hackers know exactly where to strike to affect machines that have not been updated.

You can download the update from:

http://get.adobe.com/flashplayer

5 Comments