Patch Adobe Flash now – Hacking Team zero-day exploit fix included in emergency update

Graham Cluley

FlashWhile the world freaks out about the zombie apocalypse New York Stock Exchange and United Airlines suffering computer problems, there’s some important news on the security front.

An emergency patch for Adobe Flash has been released, reportedly fixing critical zero-day vulnerabilities that have been exploited by hackers to compromised computer systems.

(And no, I have no reason to believe that the Adobe Flash vulnerability has anything to do with the hiccups that the NYSE and United Airlines are experiencing.)

Of course, what makes this patch particularly interesting is that it includes a fix for a zero-day vulnerability developed and exploited by Hacking Team, an Italian company who sells spyware to governments and law enforcement agencies and rather awkwardly suffered a massive hack earlier this week.

The attackers responsible for the security breach at Hacking Team, released many gigabytes worth of stolen data including email archives, internal documents and source code for the company’s controversial products.

Which means, effectively, that details of the Adobe Flash zero-day tumbled into the wild for anybody to exploit.

A large number of other security holes appear to have also been addressed by this update, so I would recommend patching your systems at the earliest opportunity.

flash-wide

The patch can be found in Flash Player version 18.0.0.203 for Windows and Mac computers. For full details, and download links, check out the security advisory on Adobe’s website.

If you are not sure which version of Adobe Flash you are running on your computer, visit this Adobe webpage which will tell you.

The most recent version of Flash is always available from the Flash download page, but be sure not to be tricked into installing other third-party “optional offer” products at the same time (an irritating habit of Flash’s install program).

But I would also recommend going further than this, and enabling Click-to-Play, one of the best ways to protect yourself against criminals exploiting vulnerabilities in Adobe Flash.

Further reading:

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 Replies to “Patch Adobe Flash now – Hacking Team zero-day exploit fix included in emergency update”

  1. Linux flash (now version 11.2.202.481) has also been updated, fwiw. Pulled it before starting firefox and then saw this post.

  2. Get Malwarebytes Anti-Exploit. It's free for use with web browsers and it blocks this exploit.

    I can't understand folks ignoring it. It's from a firm with an impeccable reputation, it's free gratis and it works.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES