This is your semi-regular alert that a critical security vulnerability has been found in Adobe Flash, and it is being actively exploited in in-the-wild attacks.
Yes, I know. I was shocked too… But this time the concern is particularly serious.
Adobe has the skinny in its advisory:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.
So, if you’re still choosing to use Adobe Flash on your computers you should update to version 220.127.116.11 on Windows and macOS, and to version 18.104.22.1683 on Linux, as a matter of priority.
You may also run Flash through its integration into the Chrome, Microsoft Edge or Internet Explorer 11 browsers. These should update automatically, taking some of the burden off you, but there’s nothing like double-checking that everything is shipshape.
On Chrome, enter chrome://components/ in your browser URL bar and you should be able to see the version number for your embedded version of Flash (and a “Check for update” button if you need to manually update).
If you’re bold enough to still be using the internet with Flash enabled please enable “Click to Play” at the very least.
But if you want to enter the brave new world of a Flash-less world, here is our guide on how to uninstall it from your computers.