日々更新mobilerA8（Yahoo!ニュースを毎日ウォッチ）

フラッシュプレーヤーの緊急アップデート。
BBCより。
http://www.bbc.co.uk/news/technology-26045740

学生・教職員個人版 Adobe Creative Suite 6 Design Standard Macintosh版 (要シリアル番号申請) 新品価格 ￥61,657から (2014/2/7 01:58時点)

Adobe has urged users of its Flash Player plug-in to install an update to protect themselves against the risk of hackers hijacking their PCs.

It cited a "critical vulnerability" in older versions and said it had become aware of reports that cybercriminals had worked out a way to exploit it.

A new version of the multimedia player has been made available for download for Windows, Mac and Linux computers.

This is the latest in a series of setbacks for the company.

The California-based software maker acknowledged that usernames and encrypted passwords had been stolen from about 38 million of its active account holders last year.

And Flash vulnerability alerts frequently appear on security firms'warning lists.

"Adobe does seem to have an unfortunate history of people finding security flaws with Flash that require updates," independent security consultant Alan Woodward told the BBC.

"What Adobe seem to have done in this case is put out a warning, but it has not given as much information as other firms would normally do when issuing such a security advisory.

"That might be them trying to avoid giving the hackers too much information whilst still telling people there is a problem."

Adobe only describes the flaw as being an "integer underflow vulnerability" in its report.
Sandboxed software

The company thanks two researchers at the Kaspersky Lab for alerting it to the problem.

The Russia-based security company said it had discovered a Flash exploit that it believes had been created to target Chinese organisations and users.

"This attack works whereby when a document is opened, an embedded flash exploit starts an easy downloader to the disk, which then downloads a fully-featured backdoor and а Trojan spy," said Vyacheslav Zakorzhevsky, head of Kaspersky's Vulnerability Research Group.

"The program goes on to steal passwords from popular email clients and grabs log-ins and passwords from the web-forms of popular social-email services."・・・

−ＰＣがハイジャックされるおそれがあるという。