Less than a month after a critical Flash vulnerability allowed an attacker to take control of a Mac, Adobe has issued an emergency update for yet another critical flaw. The latest one is already being exploited by ransomware that encrypts Windows PCs, but while there’s no known exploit for OS X as yet, Adobe says that the same vulnerability exists on all platforms, and users should update immediately …
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 22.214.171.1246 and earlier.
Apple often blocks vulnerable versions of Flash in Safari, but as that takes time, it’s best not to rely on this. You can update your version of Flash by visiting Adobe’s update page and hitting the ‘Install now’ button. Flash updates should, of course, be refused from other sites as it’s not unusual for malware-infected fake versions to be offered.
Given the succession of vulnerabilities found in Flash, Steve Jobs’ 2010 essay seems as relevant today as it was then. With an increasing number of people opting to zap Flash from their systems altogether, I think I’m going to try the experiment myself.
Via and photo: Reuters