Using Adobe Flash? You should patch it pronto

FlashIf you still have Adobe Flash installed on your computer, you should patch it pronto - regardless of whether you are running Windows, OS X or Linux.

Yesterday, Adobe released a Godzilla-sized patch that fixes a sea of over 30 different security vulnerabilities in Flash and Adobe AIR.

"Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system."

Security updates

Adobe's recommendation is that Windows and Mac users of Flash update to Adobe Flash Player 18.0.0.232, while Linux users should update to version 11.2.202.508.

(Dontcha just love Adobe's version number system, by the way?)

If left unpatched, it's possible that malicious hackers could exploit the vulnerabilities to infect your computer with malware. The good news is, so far at least, Adobe hasn't seen any evidence of the vulnerabilities being exploited in the wild.

But don't let that fool you into thinking that patching isn't still a high priority.

The most recent version of Flash is always available from the Flash download page.

If you are not sure which version of Adobe Flash you are running on your computer, visit this Adobe webpage which will tell you.

Versions of Adobe Flash Player installed with Google Chrome, Microsoft Edge for Windows 10, and Internet Explorer 10 and 11 for Windows 8.0 and 8.1, should be automatically updated.

Click to playBut I would also recommend going further than just updating Adobe Flash.

Consider enabling Click-to-Play in your browser, one of the best ways to protect yourself against criminals exploiting vulnerabilities in Adobe's software.

But, be warned, disabling or nobbling Flash in just your browser may not be enough to protect your computer from infection - as it's perfectly possible for Flash vulnerabilities to be delivered to your PC by routes other than the web.

Meanwhile, Adobe recommends that users of its AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 18.0.0.199 by visiting the AIR download center or the AIR developer center.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

7 Responses

  1. Jim Goodyear

    August 12, 2015 at 12:54 pm #

    If one decides to follow the advice and go beyond Click-to-Play and remove Flash completely, how can one play the video content etc that was previously played through Flash ?
    Is there another player that can take its place ?
    HTML 5 or Quicktime perhaps ?

    • Graham Cluley in reply to Jim Goodyear.

      August 12, 2015 at 1:05 pm #

      That rather depends on where the videos you are interested in watching are hosted, and if they offer you the ability to view without needing Flash.

      The top video site is YouTube, of course, and that offers HTML5 playback: https://www.youtube.com/html5

  2. Simon

    August 12, 2015 at 2:34 pm #

    The world would be such a better place when Flash is no longer used. One less thing to patch…

  3. Greg

    August 12, 2015 at 2:50 pm #

    If you are using Flash, you should uninstall it pronto. Yes, there are a few sites that still require Flash, but more these days are using HTML5. I've not missed Flash at all. Youtube works great without it.

  4. Spryte

    August 12, 2015 at 3:20 pm #

    I removed Adobe Flash from my Windows boxes about two years ago and haven't missed it.
    Most video sites support HTML 5 now and some that don't allow downloading of the file so there is no big issue except for Facebook and most of those are on YouTube anyway.
    I do have Flash on my PCLinuxOS box and am on my way to update.

  5. Tom

    August 12, 2015 at 5:06 pm #

    Having Chrome means I don't have to worry as much about Flash being updated, however, I still have Click-to-Play enabled. I would disable Flash completely, but some of the sites I visit still use it.

  6. Anonymous

    August 25, 2015 at 5:48 pm #

    The sooner Flash fades out the better.

Leave a Reply