As I discussed in an article on ESET’s We Live Security blog, a critical security hole has been found in Adobe Flash, leaving Windows, Mac, Linux and Chrome OS users at risk from in-the-wild attacks.
The good news is that Adobe issued a patch earlier today which addresses the zero-day vulnerability and other flaws in its Flash product.
To learn more about the patch, check out this article on ThreatPost.
As I see it, Adobe Flash users have three main choices:
1. Update Adobe Flash as soon as possible - read our instructions on how to update Adobe Flash.
2. Update Adobe Flash as soon as possible *and* stop allowing Flash objects to render automatically in your browser to reduce your attack surface. You should read our instructions about how to enable “Click to Play”.
3. Throw Adobe Flash on the garbage heap once and for all. You should read our instructions on how to uninstall Adobe Flash.
There are some other options (for instance, not having the Flash plugin installed on your main browser, but having a secondary browser on standby for those occasions when you have to visit websites which insist you have Flash enabled), but the three choices above are probably the main ones.
Which will you choose?