A new Adobe Flash update aims to mitigate some of the hardware issues that were revealed last year. At 22 megabytes, the update is a must for all platforms, and it only takes a minute to run the installer and go on with your day.
Spectre and Meltdown
Back in July 2017, multiple teams from the Graz University of Technology, Cerberus Technology and Google, discovered two severe vulnerabilities that plague modern CPUs. The flaws were predominant in IBM POWER chips Intel X86 Microprocessors and select ARM-based microprocessors. The two security vulnerabilities were nicknamed Meltdown and Spectre.
The main issue is the fact that they are embedded in the architecture of many modern processing units. This allows harmful software and black-hat hackers to infiltrate vulnerable hardware and read sensible data without permission. While most programs are harmless, custom-made software is capable to do the job. This allows the attacker to obtain valuable data like emails, passwords and other cached documents.
How do they work?
While they are linked, Meltdown and Spectre are capable of different tasks. Meltdown lets malicious programs to go through the barrier between the operating system and the programs that are being used. A malicious program will use it to obtain direct access to the memory and data used by other programs. Spectre allows the removal of the barrier placed between apps, tricking them to offer their data.
How does the update improve the situation?
The update has disabled the ‘’shareable’’ feature of the ActionScript ByteArray. Users that want the functionality can opt to enable it manually if they modify a setting, but the option is only available if the use Adobe Flash 30 or above and only admins can enter the command.
Another change allows admins to activate the shareable feature on specific domains, as they can create a whitelist that will filter exceptions.
While Adobe discontinued Flash in 2017, updates will be delivered until 2020 in order to increase security and performance.