2 min read

Update Flash now - targeted attacks exploiting security holes

Graham CLULEY

March 11, 2016

Update Flash now - targeted attacks exploiting security holes

Windows, Mac and Linux users are being urged to update their installations of Adobe Flash, after the company pushed out a security patch addressing 23 reported vulnerabilities in the software.

Amongst the critical vulnerabilities reportedly fixed by Adobe are security flaws that could allow a hacker to gain complete control over victims’ computers, and one of the vulnerabilities (CVE-2016-1010) is said to be being actively exploited in “limited, targeted attacks.”

If you use Google Chrome, Internet Explorer or Edge as your web browser then its Chrome component should be updated automatically. Nonetheless, I would still recommend you ensure that any other installation of Flash you have on your computer is also patched – as web browsers are not the only vector through which we see Flash-based malware being spread by attackers.

Some people, of course, are fed up with the regular exploitation of Adobe Flash and have chosen to remove it entirely from their computers. That’s a stance I’m sympathetic with, but it’s not one that will work for everyone.

As a result, I generally recommend that users enable Click-to-Play instead, and stop Flash elements from being rendered in their browsers until they have given explicit permission for them to run.

In this way you can reduce the chances of malicious Flash code running on your computer, or being exposed to risks such as Flash-based malvertising.

For most people who have chosen to keep Flash on their computers, my additional recommendation is that you instruct the Adobe software to automatically receive updates. If you are worried that your computer is taking too long to notice there is an update available, then you may wish to visit the Adobe Flash Player Download Center.

You can check which version of Flash you have installed on your computer by visiting this page on Adobe’s website.

Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to 21.0.0.182 or later. If you are running Flash Player on Linux, the version you should be running is 11.2.202.577 or later.

It also makes sense for users of Adobe’s AIR desktop runtime and AIR SDK to also update to the latest version.

Sadly, Adobe products have a long history of being abused by online criminals who have found it all too easy to find exploitable vulnerabilities in the company’s code. That, combined with the widespread use of the software, has made it a successful vector for malicious hackers interested in compromising systems.

Despite Adobe’s best efforts, there’s no sign that the discovery of security holes in its software is going to come to an end anytime soon. Keep your wits about you and, essentially, if you’re going to use Adobe products keep them up-to-date.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read