Emergency Adobe Flash update prepped as hackers actively exploit flaw

What’s that? You’re still using Flash?


Adobe has announced that it will be issuing an emergency security update for its widely-used Flash Player, after discovering hackers were actively exploiting a security hole to hijack control of computer systems.

"A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system."

The one piece of good news is that if you have been doing a reasonably good job of keeping your systems updated then you may already be benefiting from a mitigation introduced in Flash Player 21.0.0.182 that, according to Adobe, "currently prevents exploitation of this vulnerability."

The vulnerability has been given a "critical" severity rating by Adobe, and users are advised to update their systems at the earliest opportunity.
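The two version numbers in Adobe's statement split installed Flash Players into three groups: older than 21.0.0.182 (affected, no mitigation), 21.0.0.182 through 21.0.0.197 (affected, but with the mitigation Adobe describes), and anything newer. The following Python sketch is an added example, not code from Adobe or from this article; it sorts a software inventory into those groups, and the hostnames, CSV layout and bucket names are constructed for illustration.

```python
# Added example: triage an inventory against the version facts quoted from
# Adobe's advisory for CVE-2016-1019. Hostnames and CSV layout are constructed.
import csv
import io

LAST_AFFECTED = (21, 0, 0, 197)    # "21.0.0.197 and earlier" are vulnerable
MITIGATION_FROM = (21, 0, 0, 182)  # mitigation introduced in 21.0.0.182

def parse_version(text):
    """Turn '21.0.0.182' into (21, 0, 0, 182); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Map a Flash Player version string to a triage bucket."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"             # needs a manual look; never assume safe
    if version > LAST_AFFECTED:
        return "not-affected"        # outside the range the advisory names
    if version >= MITIGATION_FROM:
        return "affected-mitigated"  # still vulnerable; exploitation blocked for now
    return "affected-exposed"        # vulnerable and predates the mitigation

def triage(inventory_csv):
    """Return {bucket: [hosts]} from 'host,flash_version' CSV text."""
    buckets = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        bucket = classify(row["flash_version"])
        buckets.setdefault(bucket, []).append(row["host"])
    return buckets

# Constructed sample inventory (not real hosts or scan output)
SAMPLE = """host,flash_version
ws-001,20.0.0.306
ws-002,21.0.0.182
ws-003,21.0.0.197
ws-004,22.0.0.100
ws-005,21.0.0
"""

if __name__ == "__main__":
    for bucket, hosts in sorted(triage(SAMPLE).items()):
        print(f"{bucket}: {', '.join(hosts)}")
```

Hosts in the "affected-mitigated" bucket still need the update, since Adobe only says the mitigation "currently" prevents exploitation; the "affected-exposed" bucket is the one to patch or disable first.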

So, what better time is there to check out our article explaining how to keep Adobe Flash up-to-date or ditch it entirely?

If you're not quite ready to take the step of entirely uninstalling Flash, then you should at the very least consider enabling "Click to Play", which stops Flash elements from being rendered in your browser unless you give specific permission.

Yeah, you guessed right. I'm not a fan of Adobe Flash.


5 Responses

  1. John V. Keogh

    April 7, 2016 at 10:20 am #

    If it wasn't for the BBC iPlayer site, I would ditch Flash. I have used ClickToFlash in Safari for many years which stops the fans on my quad-core iMac from spinning up. Adobe's code must be so inefficient!

  2. lanerd

    April 7, 2016 at 2:51 pm #

    Flash is nothing but a security risk, I ditched Flash long ago, sure I can't play some videos but I'll take the security over the videos anytime…

  3. coyote

    April 8, 2016 at 12:21 am #

    I really wish Adobe would die. It doesn't have to be an excruciating death but it would really do the world some good. Or so I would like to believe. It's unfortunately not that simple:

    As much as I hate Adobe (particularly because of Flash) the reality is so many websites (and I believe some software?) use it – and refuse to replace it for whatever excuses they may give (and there is not one legitimate excuse). If Adobe were to abandon it, it would be even more risky. It's unfortunate but the reality is the problem is not an entity but numerous entities.

    Edit: But don’t forget that even with updates it doesn’t mean everyone will update it. This means more computers are vulnerable which makes everything else less secure. So not only are both Adobe and many websites a problem but so are those who don’t update Flash.

  4. luke

    April 8, 2016 at 3:02 pm #

    What I can't stand is Adobe uses so much memory, then every time I update it tries to force McAfee on me, I don't want the bundle, I just want a simple update, how hard is that?

  5. i already hacked you

    May 24, 2016 at 10:13 am #

    Are- are you people real? Worldwide Loyalty Team? One wonders. A few companies jumped on Adobe back in '10 when Jobs ranted incoherently about nonsensical accusations that can be leveled at any technology. Now everyone is repeating the tripe. "I hate Adobe" "Die Adobe" "Adobe is trash". I smell a rat, and it smells like rotten apples.

    One exploit? Oooo. It's Zero Day! Scary! Are you people even cognizant enough to know what that means? It means Apple has been hacking Adobe since 2012, and FINALLY found an exploit in near a release of an update. Big whoop. We've been "Zero Day"ing boxes for decades. Heck, the U.S. and Israel "Zero Day"ed Iran!

    Fear-mongering hype like this rubbish is why people will suffer in the end. Mark my words. Jobs' crusade is a plan of ruinous failure.
