Adobe patches Flash 0day exploited in attacks
The Adobe Flash Player update announced earlier this week is here, and it fixes more than just the zero-day flaw exploited in attacks in the wild.
All in all, the latest update plugs 25 security holes, all of which could lead to remote code execution, i.e. be leveraged to ultimately take over the system running a vulnerable version of Flash Player.
No details have been shared about any of the fixed vulnerabilities, so as not to help attackers create exploits for them.
Taking all this into account, updating your Flash Player installation is a no-brainer and should be done as soon as possible – especially as an exploit for the zero-day vulnerability (CVE-2016-4117) exists and is currently used in the wild.
Users who have the software installed with Microsoft Edge and Internet Explorer for Windows 10 and 8.1 and/or with Google Chrome don’t need to do anything, as the update will be automatically implemented.
The rest should upgrade to version 21.0.0.242 for Windows and Macintosh, version 11.2.202.621 for Linux, and version 18.0.0.352 if they use Adobe Flash Player Extended Support Release.
This is the third month in a row that Adobe has pushed out updates to fix a zero-day vulnerability in Flash Player. The software is loved by attackers as it is still used by (too) many users, who often don’t even know they have it installed, or don’t bother updating it regularly.
It’s possible to live without it, and surf the web without much inconvenience, and many security experts have long been advising users to uninstall it altogether (I did so myself).
There’s always the option to install it again if you really, really need it for some task, and then uninstall it again when you finish.