Adobe Systems has unveiled a software patch to fix a security flaw in its Flash multimedia platform on Mac, Windows and Linux which could be exploited by hackers to access login credentials for popular websites like Twitter, eBay, and Instagram.
It is not just the popular websites, but also thousands of other sites, that are potentially at risk.
While big players such as Google, Microsoft, YouTube, Twitter, Olark, and Tumblr have already put fixes in place, some are working to block the threat and few others are yet to respond.
The companies acted in part due to the flaw spotted by Google security engineer Michele Spagnuolo based in Switzerland, who created a tool capable of converting swf flash files into malicious code.
The security flaw enables attackers to intercept the login cookie for many sites, which can then be used to hijack a user’s account.
While Chrome or Internet Explorer ver. 10 or 11 browsers will automatically update with the latest versions of Flash, users using Firefox need to get the latest Flash version from Adobe directly.
Apps like Tweetdeck or Pandora are also identified as being at potential risk, and users are advised to update Adobe AIR that should happen automatically.
Although no reports about data breaches have surfaced, Adobe said code samples about the security flaw are easily available online, leaving millions of users at potential risk.
As an added security measure, Adobe also released the patch for computers that can’t run the latest Flash version.
