Earlier this month we told you about an emergency patch Adobe released for Flash. This was to fix a serious problem that could have let hackers take over your system.
Now, we're learning there's a new problem in a component of Adobe Analytics called AppMeasurement for Flash Library. Developers can add this component to their projects to track how many people are viewing videos. Unfortunately, if a certain feature of AppMeasurement is turned on, it opens up users to a serious threat.
Using the flaw, a hacker can steal a user's session cookie. The site will think the hacker is the user and the hacker can do anything they want with the site and user account. On a site that contains your credit card information or other sensitive information, that's a serious problem.
Unfortunately, you can't patch this flaw by updating the software directly. It has to be fixed by website developers.
Fortunately, Adobe has already released a fix and developers are rebuilding the affected Analytics sites. The security researcher who discovered the flaw, Randy Westergren Jr., says he expects most sites to have this patched by the beginning of May.
In the meantime, it's a good idea to only run the software when it's absolutely needed. Learn how to take control of your browser for better security.