Time to trash Flash? If you're not ready for that, you must update Adobe Flash now

Adobe patches zero-day vulnerability being actively exploited in the wild.

Trash flash
As I discussed in an article on ESET's We Live Security blog, a critical security hole has been found in Adobe Flash, leaving Windows, Mac, Linux and Chrome OS users at risk from in-the-wild attacks.

The good news is that Adobe issued a patch earlier today which addresses the zero-day vulnerability and other flaws in its Flash product.

To learn more about the patch, check out this article on ThreatPost.

As I see it, Adobe Flash users have three main choices:

1. Update Adobe Flash as soon as possible - read our instructions on how to update Adobe Flash.

2. Update Adobe Flash as soon as possible *and* stop allowing Flash objects to render automatically in your browser to reduce your attack surface. You should read our instructions about how to enable "Click to Play".

3. Throw Adobe Flash on the garbage heap once and for all. You should read our instructions on how to uninstall Adobe Flash.

There are some other options (for instance, not having the Flash plugin installed on your main browser, but having a secondary browser on standby for those occasions when you have to visit websites which insist you have Flash enabled), but the three choices above are probably the main ones.

Which will you choose?

Good luck.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, , ,

12 Responses

  1. Techno

    May 13, 2016 at 8:34 am #

    The BBC News website still requires it.

    • Spryte in reply to Techno.

      May 13, 2016 at 2:57 pm #

      So do many other news sites, CBC for instance.
      No problem as most of the videos are on YouTube which no longer requires Flash.

      As I've mentioned before I have lived quite happily without Flash for a couple of years now. It is no big deal just some videos are unavailable.

      I have yet to run into a problem where an entire page won't load due to not having Flash.

    • Ants in reply to Techno.

      May 16, 2016 at 2:43 pm #

      A workaround for Chrome: Shift+Ctrl+I to get the developer tools, then Shift+Ctrl+M to change the device mode – select iPad and reload the page. The video will play…

  2. Buzzed

    May 13, 2016 at 10:13 am #

    Time to vote with my feet. Goodbye flash, it was fun. I will miss you.

  3. Karl

    May 13, 2016 at 11:13 am #

    Trash that Flash!

    I have been surprised how it's no longer required for my day-to-day surfing. If a site requires flash then I do not use it.

    Freedom

    • Simon in reply to Karl.

      May 13, 2016 at 11:45 am #

      Agreed.

  4. drsolly

    May 13, 2016 at 2:46 pm #

    Again!

  5. Saundrine

    May 13, 2016 at 2:53 pm #

    Pay attention when you do update though. Adobe automatically selects the boxes for the following "optional offers":

    * Yes, install the free McAfee Security Scan Plus utility to check the status of my PC security. It will not modify existing antivirus program or PC settings.

    * Yes, install True Key™ by Intel Security to say goodbye to the hassle of passwords.

    I hate it when they automatically opt you in. If I want it, I'll click it for cryin' out loud.

  6. Nick

    May 13, 2016 at 3:33 pm #

    How do you update Flash if you have Windows 10? Adobe won't supply an update for IE if you have Win10, and Microsoft update is not currently providing an update for IE.

    Alternatively, how do you remove Flash from IE without removing it from Firefox?

    • seglertx in reply to Nick.

      May 14, 2016 at 8:19 am #

      The Internet Explorer and Edge browsers in Windows 10 already have Adobe Flash installed and are automatically updated just like Google's Chrome browser.

  7. Dansk Tex

    May 13, 2016 at 10:57 pm #

    Surfing the web has become like answering telephone calls. With calls, I just quit answering any call that is not from someone I know (which is likely to be someone I don't want to know); anyone important will leave a message. With the web, when I open a webpage that has a Flash video, I just ignore the video like a do an unknown caller. (I put in the Flash blocker a couple of years ago so that I can see the page without the videos automatically playing.)

  8. Mike

    May 14, 2016 at 10:56 pm #

    You can't uninstall Flash if you use iTunes :(

Leave a Reply