Flash exploits – you may be at risk

THE co-founder of Apple – the late Steve Jobs – was prescient in 2010 about the risks of Adobe's Flash player.

He kept it out of Apple's mobile operating system (iOS) but it's still present on many devices.

Due to malicious exploits, it seems that its about every fortnight that web-browser users are invited/compelled to update their Flash software, in order to patch the latest vulnerability and to continue to be able to view for example, video content on BBC news.

But this updating/patching process is itself being hijacked and I'd urge surfers to check carefully before accepting these invitations. This morning I was abruptly offered this dubious invitation:

In the above screen-shot, the first part of the URL looks dodgy and then there's the wrong spelling 'Adabe', that many people would easily miss. I doubt Adobe Systems would misspell their own name. Then there's the main offer:

This looks genuine and authoritative … except for the one little give-away (for me) on the left:

Your system:
Windows, English

Now, every computer connected to the web reliably reports to the remote web server much technical information about one's local configuration, the most basic of which is the kind of Operating System.

My current operating system is Mac OS X. It is not "Windows" (it never has been and it never would be). However, any "Windows" user – having first not noticed the suspicious URL – would then notice nothing untoward further on, even on closer scrutiny.

This indicates that the "Update Now" invitation has not linked correctly to the technical information sent out automatically and that this splash screen is displayed, regardless of operating system.

It's undoubtedly an attempt at a malicious exploit.