It’s time to say ‘Welcome to dumpsville Adobe Flash’, as new unpatched flaw exploited by criminals

Graham Cluley

Criminals are exploiting unpatched Adobe Flash flaw

Adobe has warned that online criminals are exploiting an as-yet-unpatched flaw to infect Windows users of its Flash Player software.

According to a security bulletin issued by Adobe, the attackers have been embedding malicious Flash content within boobytrapped Microsoft Word documents sent to intended targets via email.

A successful attack allows a remote attacker to take control of the PC.

Adobe Flash Player 28.0.0.137 and earlier versions are said to be vulnerable to the attack. You can check which version of Flash you have installed on your computer here.

The good news is that Adobe has said it will release a patch for this latest vulnerability sometime this week.

But this is surely yet another reason for Adobe Flash’s still large number of users to consider whether it’s time to call an end to what can charitably be called a rocky relationship.

Adobe Flash has let you down time and time again, forcing you to pick up the pieces and try to mend what’s broken.

It’s not as if Adobe Flash has a future.

Adobe has announced that it will no longer update or distribute Flash after 2020, and Android and iOS users seem to be managing just fine surfing the internet without Adobe Flash right now.

It doesn’t take Nostradamus to predict that this isn’t going to be the last discovery of a remotely exploitable vulnerability in Flash. Chances are that there is another zero-day vulnerability in Adobe Flash just around the corner.

Protect yourself now by either removing Flash from your computers or, if you decide that’s not a viable option for you just yet, enabling “Click to Play” to give your computers an additional layer of protection against Flash attacks.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.