Another Adobe Vulnerability: Time to Dump Flash?
For the fourth time in as many months, Adobe has released another critical update to its Flash software. The update addresses a new zero day vulnerability that was discovered last week. Such zero day vulnerabilities are not known to the creators of the vulnerable software or to the public. Subsequently, they can be exploited by cybercriminals to infect computers and mobile devices running the software.
The vulnerability affects Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Mac, Linux, and the Chrome operating system. According to Adobe, a successful exploitation of it “could cause a crash and potentially allow an attacker to take control of the affected system.” The company has qualified this as a Critical update, referring to a vulnerability which can be exploited to allow malicious code to be executed without a user being aware.
There are reports that the vulnerability has already been exploited by cybercriminals, though in a limited capacity. To download the patch to Adobe Flash, go to https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
There is a strong argument for users to stop using Flash in their browsers. While you may miss out on a little bit of content, the security risks of using Flash seem to increase every day.
Here is how you can disable Flash in your browser:
Chrome
- Type chrome://plugins/ into Chrome's address bar and press Enter.
- Under the Adobe Flash Player section, click the blue text that says “Disable.”
Firefox
- Click on the main menu in Firefox (the three horizontal lines in the top right corner).
- In the menu, select “Add-ons.”
- On the following page, select “Plugins” on the left panel.
- Click on the drop down menu next to “Shockwave Flash” and select “Never Activate.”
Internet Explorer
- In Internet Explorer, click the gear icon and select “Manage add-ons.”
- On the left side menu under “Add-on Types,” there’s a dropdown menu underneath the word “Show:” Select “All add-ons” on this menu.
- Under “MIcrosoft Windows Third Party Application Component,” right-click the “Shockwave Flash Object” and select “Disable.”