Emergency Adobe Flash update prepped as hackers actively exploit flaw

Graham Cluley

Emergency Adobe Flash update prepped as hackers actively exploit flaw

Adobe Flash

Adobe has announced that it will be issuing an emergency security update for its widely-used Flash Player, after discovering hackers were actively exploiting a security hole to hijack control of computer systems.

“A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”

The one piece of good news is that if you have been doing a reasonably good job of keeping your systems updated then you may already be benefiting from a mitigation introduced in Flash Player 21.0.0.182 that, according to Adobe, “currently prevents exploitation of this vulnerability.”

The vulnerability has been given a “critical” severity rating by Adobe, and users are advised to update their systems at the earliest opportunity.

So, what better time is there to check out our article explaining how to keep Adobe Flash up-to-date or ditch it entirely?

If you’re not quite ready to take the step of entirely uninstalling Flash, then you should at the very least consider enabling “Click to Play”, which stops Flash elements from being rendered in your browser unless you give specific permission.

Yeah, you guessed right. I’m not a fan of Adobe Flash.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

5 Replies to “Emergency Adobe Flash update prepped as hackers actively exploit flaw”

  1. If it wasn't for the BBC iPlayer site, I would ditch Flash. I have used ClickToFlash in Safari for many years which stops the fans on my quad-core iMac from spinning up. Adobe's code must be so inefficient!

  2. Flash is nothing but a security risk , I ditched Flash long ago , sure I can't play some videos but I'll take the security over the videos anytime ……

  3. I really wish Adobe would die. It doesn't have to be an excruciating death but it would really do the world some good. Or so I would like to believe. It's unfortunately not that simple:

    As much as I hate Adobe (particularly because of Flash) the reality is so many websites (and I believe some software ?) use it – and refuse to replace it for whatever excuses they may give (and there is not one legitimate excuse). If Adobe were to abandon it it would be even more risky. It's unfortunate but the reality is the problem is not an entity but numerous entities.

    Edit: But don’t forget that even with updates it doesn’t mean everyone will update it. This means more computers are vulnerable which makes everything else less secure. So not only are both Adobe and many websites a problem but so are those who don’t update Flash.

  4. what i cant stand is adobe uses so much memory, then every time i update it tries top force mcaffee on me, i dont want the bundle, i just want a simple update, how hard is that?

  5. Are- are you people real? Worldwide Loyalty Team? One wonders. A few companies jumped on Adobe back in '10 when Jobs ranted incoherently about nonsensical accusations that can be leveled at any technology. Now everyone is repeating the tripe. "I hate Adobe" "Die Adobe" "Adobe is trash". I smell a rat, and it smells like rotten apples.

    One exploit? Oooo. It's Zero Day! Scary! Are you people even cognizant enough to know what that means? It means Apple has been hacking Adobe since 2012, and FINALLY found an exploit in near a release of an update. Big whoop. We've been "Zero Day"ing boxes for decades. Heck, the U.S. and Israel "Zero Day"ed Iran!

    Fear-mongering hype like this rubbish is why people will suffer in the end. Mark my words. Job's crusade is a plan of ruinous failure.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.