It's time to say 'Welcome to dumpsville Adobe Flash', as new unpatched flaw exploited by criminals

Adobe promises a patch sometime this week, but it’s living on borrowed time.

Criminals are exploiting unpatched Adobe Flash flaw

Adobe has warned that online criminals are exploiting an as-yet-unpatched flaw to infect Windows users of its Flash Player software.

According to a security bulletin issued by Adobe, the attackers have been embedding malicious Flash content within boobytrapped Microsoft Word documents sent to intended targets via email.

If an attack is successful, the result would be that a remote attacker can take control of a PC.

Adobe Flash Player 28.0.0.137 and earlier versions are said to be vulnerable to the attack. You can check which version of Flash you have installed on your computer here.

The good news is that Adobe has said it will release a patch for this latest vulnerability sometime this week.

But this is surely yet another reason for Adobe Flash's still large number of users to consider whether it's time to call an end to what can charitably be called a rocky relationship.

Adobe Flash has let you down time and time again, forcing you to pick up the pieces and try to mend what's broken.

It's not as if Adobe Flash has a future.

Adobe has announced that it will be no longer updating or distributing Flash after 2020, and Android and iOS users seem to be managing just fine surfing the internet without Adobe Flash right now.

It doesn't take Nostradamus to predict that this isn't going to be the last discovery of a remotely exploitable vulnerability in Flash. Chances are that there is another zero-day vulnerability in Adobe Flash just around the corner.

Protect yourself now by either removing Flash from your computers or, if you decide that's not a viable option for you just yet, enable "Click to Play" to give your computers an additional layer of protection against Flash attacks.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episodes:

, , ,

No comments yet.

Leave a Reply