Every month the BugBlog picks its Bug of the Month, representing the most significant bug found in the past month. Sometimes, the bug will be the one that could potentially cause the most damage; sometimes it will be the bug that affects the most users. And sometimes, it will be the bug that is just the most interesting bug. This bug will be selected either from the free Bug of the Day, or from the subscription-only BugBlog Plus.
The April Bug of the Month appeared in the BugBlog on March 16:
Adobe has patched some critical bugs in the Adobe Macromedia Flash Player. A remote attacker could design a Flash file that, when played on the victim’s computer, could take complete control of the system. Everybody using Flash Player 22.214.171.124 and earlier should update to Flash Player 126.96.36.199. Get the update at Macromedia security. Note that Flash Player is distributed with Microsoft Internet Explorer, so that most people using IE will be vulnerable to this. If you are still using Flash Player 7, see Macromedia knowledgebase.
Why this bug? First is the impact; if successful, an attacker can take complete control of your system. Second is the scope; among Windows users, Flash Player has an extremely high distribution rate. Most users of Microsoft Internet Explorer and Mozilla Firefox will have a Flash player plug-in for their browser. For those two reasons, Adobe (or what used to be Macromedia) wins The Bug of the Month.