2 min read

With 36 security fixes, you should either update Adobe Flash now... or kill it

Graham CLULEY

June 17, 2016

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
With 36 security fixes, you should either update Adobe Flash now... or kill it

Adobe has issued an update for its widely-used Flash Player browser plugin, patching a total of 36 different vulnerabilities.

Here is how Adobe has described the updates in its latest security bulletin:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks.

It’s that mention of the zero-day vulnerability being actively exploited which has, of course, garnered most of the attention.

Security researchers discovered that an online gang known as ScarCruft were exploiting the zero-day flaw in March, and privately disclosed details to Adobe so a fix could be produced. The ScarCruft gang seems to be exploiting security holes in Adobe Flash and Internet Explorer in malware campaigns they have described as “Operation Daybreak” and “Operation Erebus”.

ScarCruft? Operation Daybreak? Operation Erebus? Who comes up with these names? Oh that’s right, it’s the marketing departments of security firms.

Joking aside, even if a vulnerability has only been spotted being exploited in limited targeted attacks so far, it makes sense for everyone to secure their systems. When details of a flaw become known it is not uncommon for other criminal gangs to take an interest in taking advantage.

Flash has earned itself a poor reputation in recent years, frequently exploited by online criminals as a method to infect the computers of innocent internet users. And although Adobe has hardened the security of the software, and introduced a series of enhancements into its code to mitigate against common types of attacks, it’s a reputation that Adobe Flash Player has failed to shake off.

It’s no wonder then that so many computer users are beginning to question whether they really need Adobe Flash at all, or whether their online activity would be safer if they dumped the software altogether.

Even if you’re not quite ready to take the plunge just yet and remove Adobe Flash Player in its entirety from your computer, you might decide to enable features like “Click to Play” (which allow you to choose when Flash code is rendered by your browser on a particular website) or confine Flash to a separate browser for specific purposes rather than the one you use to regularly access the web.

click-to-play

If you decide that you will persist with Flash rather than dump it in the trash, you must keep it updated on your computers. Most people probably rely upon Adobe’s own automatic updates – but I often find they are slow to recognize that a new version of the software is available, and so I prefer to trigger an update manually.

If you are unsure about whether you are currently running the latest edition of Adobe Flash Player, you can always check on Adobe’s website, and download the most recent version.

Just please be sure, if you take this route, that you download Flash Player from the genuine Adobe website. On many occasions we have seen criminals using social engineering tricks to dupe unsuspecting users into installing bogus Adobe updates, which go on to compromise their computers.

tags


Author



Right now

Top posts

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths Prison for ex-eBay staff who aggressively cyberstalked company's critics with Craigslist sex party ads and funeral wreaths
Graham CLULEY

September 30, 2022

2 min read
Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials Honolulu Man Sabotaged Former Employer’s Network and Business Using Still-Active Credentials
Silviu STAHIE

September 30, 2022

1 min read
North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find North Korean Gang Uses Compromised Open Source Software to Distribute Malware, Researchers Find
Silviu STAHIE

September 30, 2022

1 min read