If it seems like you just updated your Flash Player software to plug a security hole that attackers were using to break into computers, you’re probably not imagining things: Three weeks ago, Adobe rushed out a new version to sew up a critical new security flaw. Today, Adobe issued a critical Flash update to eliminate another dangerous security hole that criminals are actively exploiting.
This new update addresses a vulnerability first detailed here at KrebsOnSecurity.com on Tuesday, and Adobe deserves credit for responding quickly with a patch. But there are few things that are simple about updating Flash, which ships in a dizzying array of version numbers and for many users must be deployed at least twice to cover all browsers. In addition, users may have to uninstall the existing version before updating to guarantee a trouble-free install. Also, Adobe Air will need to be updated if that software also is already installed. Finally, fixing this same vulnerability in Adobe Reader and Acrobat will require installing another patch, which won’t be out for at least another 10 days.