2 min read

Update Flash now - targeted attacks exploiting security holes

Graham CLULEY

March 11, 2016

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Update Flash now - targeted attacks exploiting security holes

Windows, Mac and Linux users are being urged to update their installations of Adobe Flash, after the company pushed out a security patch addressing 23 reported vulnerabilities in the software.

Amongst the critical vulnerabilities reportedly fixed by Adobe are security flaws that could allow a hacker to gain complete control over victims’ computers, and one of the vulnerabilities (CVE-2016-1010) is said to be being actively exploited in “limited, targeted attacks.”

If you use Google Chrome, Internet Explorer or Edge as your web browser then its Chrome component should be updated automatically. Nonetheless, I would still recommend you ensure that any other installation of Flash you have on your computer is also patched – as web browsers are not the only vector through which we see Flash-based malware being spread by attackers.

Some people, of course, are fed up with the regular exploitation of Adobe Flash and have chosen to remove it entirely from their computers. That’s a stance I’m sympathetic with, but it’s not one that will work for everyone.

As a result, I generally recommend that users enable Click-to-Play instead, and stop Flash elements from being rendered in their browsers until they have given explicit permission for them to run.

In this way you can reduce the chances of malicious Flash code running on your computer, or being exposed to risks such as Flash-based malvertising.

For most people who have chosen to keep Flash on their computers, my additional recommendation is that you instruct the Adobe software to automatically receive updates. If you are worried that your computer is taking too long to notice there is an update available, then you may wish to visit the Adobe Flash Player Download Center.

You can check which version of Flash you have installed on your computer by visiting this page on Adobe’s website.

Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.182 or later. If you are running Flash Player on Linux, the version you should be running is 11.2.202.577 or later.

It also makes sense for users of Adobe’s AIR desktop runtime and AIR SDK to also update to the latest version.

Sadly, Adobe products have a long history of being abused by online criminals who have found it all too easy to find exploitable vulnerabilities in the company’s code. That, combined with the widespread use of the software, has made it a successful vector for malicious hackers interested in compromising systems.

Despite Adobe’s best efforts, there’s no sign that the discovery of security holes in its software is going to come to an end anytime soon. Keep your wits about you and, essentially, if you’re going to use Adobe products keep them up-to-date.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Crypto Exchange Finds Location Data on Hacker, Recovers Some Stolen Funds Crypto Exchange Finds Location Data on Hacker, Recovers Some Stolen Funds
Silviu STAHIE

October 04, 2022

2 min read
German Police Arrest Three People Accused of Running Massive Phishing Campaign German Police Arrest Three People Accused of Running Massive Phishing Campaign
Silviu STAHIE

October 03, 2022

1 min read
Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read