2 min read

Update Flash now - targeted attacks exploiting security holes

Graham CLULEY

March 11, 2016

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Update Flash now - targeted attacks exploiting security holes

Windows, Mac and Linux users are being urged to update their installations of Adobe Flash, after the company pushed out a security patch addressing 23 reported vulnerabilities in the software.

Amongst the critical vulnerabilities reportedly fixed by Adobe are security flaws that could allow a hacker to gain complete control over victims’ computers, and one of the vulnerabilities (CVE-2016-1010) is said to be being actively exploited in “limited, targeted attacks.”

If you use Google Chrome, Internet Explorer or Edge as your web browser then its Chrome component should be updated automatically. Nonetheless, I would still recommend you ensure that any other installation of Flash you have on your computer is also patched – as web browsers are not the only vector through which we see Flash-based malware being spread by attackers.

Some people, of course, are fed up with the regular exploitation of Adobe Flash and have chosen to remove it entirely from their computers. That’s a stance I’m sympathetic with, but it’s not one that will work for everyone.

As a result, I generally recommend that users enable Click-to-Play instead, and stop Flash elements from being rendered in their browsers until they have given explicit permission for them to run.

In this way you can reduce the chances of malicious Flash code running on your computer, or being exposed to risks such as Flash-based malvertising.

For most people who have chosen to keep Flash on their computers, my additional recommendation is that you instruct the Adobe software to automatically receive updates. If you are worried that your computer is taking too long to notice there is an update available, then you may wish to visit the Adobe Flash Player Download Center.

You can check which version of Flash you have installed on your computer by visiting this page on Adobe’s website.

Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.182 or later. If you are running Flash Player on Linux, the version you should be running is 11.2.202.577 or later.

It also makes sense for users of Adobe’s AIR desktop runtime and AIR SDK to also update to the latest version.

Sadly, Adobe products have a long history of being abused by online criminals who have found it all too easy to find exploitable vulnerabilities in the company’s code. That, combined with the widespread use of the software, has made it a successful vector for malicious hackers interested in compromising systems.

Despite Adobe’s best efforts, there’s no sign that the discovery of security holes in its software is going to come to an end anytime soon. Keep your wits about you and, essentially, if you’re going to use Adobe products keep them up-to-date.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Chinese criminals scam kids desperate to play games for more than three hours a week Chinese criminals scam kids desperate to play games for more than three hours a week
Graham CLULEY

August 12, 2022

2 min read
Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach Sophisticated Smishing Attack on Twilio Leads to Employee Credential Leak and Data Breach
Silviu STAHIE

August 09, 2022

1 min read
Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down Attackers Hit German Chambers of Industry and Commerce; All Digital Services Down
Silviu STAHIE

August 05, 2022

1 min read