As they promised earlier this week, Adobe has released an emergency security update for Flash Player, protecting against a vulnerability (known as CVE-2016-1019) that is being actively exploited by hackers.
Here’s what Adobe is saying in its latest security bulletin:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 220.127.116.116 and earlier.
If none of that makes sense to you, I’ll make it very simple: update Adobe Flash now, or get rid of it altogether.
If you’re not quite ready to take the step of entirely uninstalling Flash, then you should at the very least consider enabling “Click to Play”, which stops Flash elements from being rendered in your browser unless you give specific permission.
And remember, Flash isn’t just a security headache for Windows users. This vulnerability is also present in the Mac OS X, Linux and ChromeOS editions of Flash Player.