Update Flash now – targeted attacks exploiting security holes

Windows, Mac and Linux users are being urged to update their installations of Adobe Flash, after the company pushed out a security patch addressing 23 reported vulnerabilities in the software.

Amongst the critical vulnerabilities reportedly fixed by Adobe are security flaws that could allow a hacker to gain complete control over victims’ computers, and one of the vulnerabilities (CVE-2016-1010) is reportedly being actively exploited in “limited, targeted attacks.”

If you use Google Chrome, Internet Explorer or Edge as your web browser then its Flash component should be updated automatically.  Nonetheless, I would still recommend you ensure that any other installation of Flash you have on your computer is also patched – as web browsers are not the only vector through which we see Flash-based malware being spread by attackers.

Some people, of course, are fed up with the regular exploitation of Adobe Flash and have chosen to remove it entirely from their computers.  That’s a stance I’m sympathetic with, but it’s not one that will work for everyone.

As a result, I generally recommend that users enable Click-to-Play instead, and stop Flash elements from being rendered in their browsers until they have given explicit permission for them to run.

In this way you can reduce the chances of malicious Flash code running on your computer, and of being exposed to risks such as Flash-based malvertising.

For most people who have chosen to keep Flash on their computers, my additional recommendation is that you instruct the Adobe software to automatically receive updates.  If you are worried that your computer is taking too long to notice there is an update available, then you may wish to visit the Adobe Flash Player Download Center.

You can check which version of Flash you have installed on your computer by visiting this page on Adobe’s website.

Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to or later.  If you are running Flash Player on Linux, the version you should be running is or later.

It also makes sense for users of Adobe’s AIR desktop runtime and AIR SDK to update to the latest version.

Sadly, Adobe products have a long history of being abused by online criminals who have found it all too easy to find exploitable vulnerabilities in the company’s code.  That, combined with the widespread use of the software, has made it a successful vector for malicious hackers interested in compromising systems.

Despite Adobe’s best efforts, there’s no sign that the discovery of security holes in its software is going to come to an end anytime soon.  Keep your wits about you and, essentially, if you’re going to use Adobe products, keep them up to date.
