Home / Software & Gaming / Security / Another week, another Flash vulnerability

Another week, another Flash vulnerability

You really should disable or uninstall Adobe Flash at this point. If you haven't yet done so however here is another reason, following on from last week's 0-day exploit; there is another critical vulnerability that is being actively exploited in the wild, the only difference this time is that there is no security update yet. Even better, we don't actually know when it will be patched other than, “during the week of February 2” and pretty much everyone is affected.

So now that YouTube has finally moved on to HTML-5 as the default video player and ditched Flash, there are probably  not that many websites where you really need it. What you can do in this case is at least disable it unless it's needed, if you really do want to keep it installed for now. There are some pretty good step-by-step instructions for disabling Flash here incase you need to send them to friends and relatives.
flash-logo
Adobe released a security bulletin earlier today with the following information “A Security Advisory (APSA15-02) has been published regarding a critical vulnerability (CVE-2015-0313) in Adobe Flash Player 16.0.0.296 and earlier versions for Windows, Macintosh and Linux. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.”

The vulnerability was found by researchers at Microsoft and Trend Micro and in this case, merely visiting a website with a malicious bit of Flash code can infect your machine, hence the name “drive-by-download attack”. If you really need flash for a critical application or web service, then be sure to only click on links that you trust and do not visits any unknown websites until an update is released.

Hopefully we will get an update from Adobe to resolve this within the week, but in the meantime and even the long run, unless you really need Flash either disable it or uninstall it. When fewer people have it installed, web developers will hopefully stop relying on it for vital parts of the services they bring us, which should make the internet a far more secure place.

Discuss on our Facebook page, HERE.

KitGuru Says: Disabling Flash can be a pain, but its well worth doing to protect against this and future undiscovered security issues. Are you using any sites that still require Flash, or do you know anyone who has it installed?

Source: Adobe blog

Become a Patron!

Check Also

Riot offering up to $100,000 to find Vanguard anti-cheat bugs

When Riot launched Valorant, it also launched a deeply rooted anti-cheat system, Vanguard. This anti-cheat …

9 comments

  1. Then if you use only Google Chrome like me , you shouldn’t worry about it

  2. Steam asked me to install flash a couple days ago just to view some stats. I really do think the day has come for flash to roll over and die now.

  3. just checked mine no adobe , have Microsoft shock flash , what ever that is ?

  4. Twitch.tv uses flash, or at least did up until a few weeks ago when I last used it. It doesn’t help that the app is absolutely hopeless – you can’t watch streams that aren’t of a few mainstream games (I’m interested in watching NS2 casts), and watching old casts back isn’t possible on the app. That means you have to use the website, and the player there seems to only work if you use an Android browser with flash enabled. :/

  5. Chrome has flash built-in though?

  6. Type chrome:plugins into your chrome address bar if you want to disable the built in flash distro, I’ve just checked and Twitch.tv no longer works.

  7. You can always try Shumway as an alternative.

  8. Unfortunately Twitch does use Flash, so it’s pretty much mandatory for me until that changes :/

  9. vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.”