安全提示：更新您的Flash Player

Adobe is in the news again, with all new ways for hackers to take over your desktop via their products. Just a few days ago security researchers discovered serious security vulnerabilities in some Adobe programs. The latest victim of attacks appears to be the Adobe Flash animation software. iDefense Labs discovered that exploitation of the flaw in the Flash player could enable hackers to gain full privileges on a user’s desktop.

Adobe再次成为新闻 ，黑客采用所有新方式通过其产品来接管您的桌面。 几天前，安全研究人员在某些Adobe程序中发现了严重的安全漏洞 。 攻击的最新受害者似乎是Adobe Flash动画软件。 iDefense Labs发现利用Flash播放器中的漏洞可以使黑客获得用户桌面上的全部特权。

The method used to “infect”a user’s PC is a malicious Shockwave Flash file created by the attacker. The Shockwave file socially engineers the file and then injects the content into a site that is trusted to complete the attack. Acrobat reader has already come under criticism after nCircle, another network security firm, found vulnerabilities in the venerated application.

用于“感染”用户PC的方法是攻击者创建的恶意Shockwave Flash文件。 Shockwave文件对文件进行社交工程设计，然后将内容注入值得信赖的站点以完成攻击。 Acrobat读者已经受到批评 另一家网络安全公司nCircle发现了尊敬的应用程序中的漏洞 。

杂技威胁 (Acrobatic Threats)

Reading these stories about such widely used applications, it is a little bit shocking to note how little Adobe appears to be doing about it. Adobe has been fairly silent about the threats, while Symantec and nCircle warn of real and ongoing cases in Asia. According to Andrew Storms, director of security operations for nCircle:

阅读有关如此广泛使用的应用程序的这些故事，令人惊讶的是注意到Adobe似乎在做什么。 Adobe一直对这些威胁保持沉默，而赛门铁克和nCircle则警告了亚洲的实际案件和正在进行的案件。 根据nCircle安全运营总监Andrew Storms的说法：

If the history of Adobe Reader vulnerabilities shows us anything, it’s probably just a number of days before this takes off.

如果Adobe Reader漏洞的历史向我们显示了任何内容，则可能只有几天的时间了。

The Adobe Flash threat announced today, was acknowledged by the company as being a “critical” one for Adobe Flash Player 10.0.12.36 and earlier versions. They recommended that users update to the most current versions. For users who cannot update to version 10, the company has also created a patch for download. We suggest everyone who might be affected read Adobe’s security bulletin issued about the threat, and for the latest fixes.

今天宣布的Adobe Flash威胁已被该公司确认为Adobe Flash Player 10.0.12.36和更早版本的“关键”威胁。 他们建议用户更新到最新版本。 对于无法更新到版本10的用户，该公司还创建了一个补丁供下载。 我们建议可能受到影响的每个人都阅读有关该威胁的Adobe安全公告以及最新的修复程序。

相对不安全 (Relative Insecurity)

There is still no word of an update or fix for the earlier Acrobat Reader issues. Adobe has said they will have updates for Adobe Reader 9 and Acrobat 9 by March 11, but given these issues were announced before the Flash advisory, one has to wonder what they are waiting for. Adobe’s advice to users was simply to Disable JavaScript for what appears to be a “degree” of protection.

对于早期的Acrobat Reader问题，仍然没有更新或修复的消息。 Adobe表示将在3月11日之前对Adobe Reader 9和Acrobat 9进行更新，但是鉴于这些问题是在Flash通报之前宣布的，因此人们不得不怀疑他们还在等待什么。 Adobe对用户的建议只是禁止JavaScript，因为这似乎是一种“程度”的保护。

Meanwhile, any hacker who can “socialize” their script and get it into a trusted conduit, can effectively control your PC. Sourcefire, another security vendor, says they have already traced attacks going back to January 9, so it looks like a time for everyone to cover their own … until Adobe gets off of theirs. We hope this information helps.

同时，任何能够“社交化”其脚本并将其放入可信管道的黑客都可以有效地控制您的PC。 另一家安全供应商Sourcefire表示，他们已经追踪了追溯到 1月9日的攻击，因此似乎每个人都可以掩盖自己的时间……直到Adobe摆脱他们的束缚。 希望这些信息对您有所帮助。

翻译自: https://www.sitepoint.com/secure-your-site-update-adobe-flash-player/