Adobe just patched up a gaping security flaw that could affect anyone who logs on to eBay, Tumblr, Instagram or other popular sites. If you visit any of those domains (or, really, any website out there that might use Flash), you should update Flash right now.
Basically, the flaw — which security blogger Michele Spagnuolo says has been well known in the infosec community — made it possible for hackers to steal the cookies that authenticate returning users on sites like eBay, Twitter, Tumblr and thousands more. Spagnuolo says that so far, no tools have been made public to exploit the flaw. Since there was no proof of concept that the exploit could work, "this led website owners and even big players in the industry to postpone any mitigation until a credible proof of concept was provided," Spagnuolo says.
But Spagnuolo came up with a method that could sneak through this security gap, and in response, Adobe has put out an update protecting against the flaw. Spagnuolo says that Twitter, YouTube, and certain Google domains are protected thanks to recent updates, but Instagram, Tumblr, eBay, and Olark are still vulnerable.
So if you get a popup asking you to update Flash in the next few days, don't ignore it. And if you use any of the above-mentioned sites, maybe keep a close eye on your accounts. Or, better yet, maybe try disabling Flash altogether. On today's internet, you'd be surprised how seldom you actually need it. [Michele Spagnuolo via Ars Technica]