If you have Adobe Flash and/or Microsoft's Internet Explorer on your computer or mobile device, be warned: both companies have released security updates to fix major critical flaws. If you haven't updated these systems on your devices, do so at once.
In a security bulletin published yesterday (Sept. 9), Microsoft announced that its upgrade “resolves one publicly disclosed and thirty-six privately reported vulnerabilities in Internet Explorer.”
Just how serious are these 37 vulnerabilities? Security blogger Brian Krebs pointed out that this most-recent update to Internet Explorer is “the only patch this month to earn Microsoft’s most-dire 'critical' label. A critical update wins that rating if the vulnerabilities fixed in the update could be exploited with little to no action on the part of users, save for perhaps visiting a hacked or malicious Web site with IE.”
In other words: this isn't a case where you can protect yourself by following such well-known online security rules as “Never click on an unfamiliar link” or “Don't download any file from an unknown source;” without the security fix, simply visiting a website is all it takes to make yourself vulnerable to dangerous malware.
Microsoft says the fix is necessary for all forms of Internet Explorer starting with IE6 all the way through to IE11. If your system is set up to allow automatic updating, the fix should go through automatically. However, if you do not allow automatic updates, this link will show you how to change your settings and allow them.
As for the Adobe security update, it “only” involves plugging 12 different security holes. Adobe says any Macintosh or Windows users with Adobe Flash Player v. 18.104.22.168 should visit the Adobe Flash Player Download Center, or using the update mechanism within your own Adobe system. However, Krebs offers another option: “If you’d rather not be bothered with downloaders and software 'extras' like antivirus scanners, you’re probably best off getting the appropriate update for your operating system from this link.”
If you don't know which version of Adobe Flash you have, you can find out by checking this link.
If you use Windows, and also use anything other than Internet Explorer for web-browsing (such as Firefox, Chrome, or others), you might have to apply the Adobe patch twice: once in Windows and once in your browser.
More Adobe security patches are to be introduced at the beginning of next week: Adobe was originally going to release updates to Reader and Acrobat alongside the updates to Flash, but pushed the Reader and Acrobat update-releases back to Sept. 15, to deal with some unidentified “issues” it discovered while testing the original patches.