Adobe Update Plugs Flash Player Zero-Day

Adobe on Thursday issued a critical update for its ubiquitous Flash Player software that fixes three dozen security holes in the widely-used browser plugin, including at least one vulnerability that is already being exploited for use in targeted attacks.

brokenflash-aThe latest update brings Flash to v. 22.0.0.192 for Windows and Mac users alike. If you have Flash installed, you should update, hobble or remove Flash as soon as possible.

The smartest option is probably to ditch the program once and for all and significantly increase the security of your system in the process. I’ve got more on that approach (as well as slightly less radical solutions ) in A Month Without Adobe Flash Player.

If you choose to update, please do it today. The most recent versions of Flash should be available from this Flash distribution page or the Flash home page. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.). Chrome and IE should auto-install the latest Flash version on browser restart (I had to manually check for updates in Chrome an restart the browser to get the latest Flash version).

For some reason that probably has nothing to do with security, Adobe has decided to stop distributing direct links to its Flash Player software. According to the company’s Flash distribution page, on June 30, 2016 Adobe will decommission direct links to various Flash Player downloads. This will essentially force Flash users to update the program using its built-in automatic updates feature (which sometimes takes days to notice a new security update is available), or to install the program from the company’s Flash Home page — a download that currently bundles McAfee Security Scan Plus and a product called True Key by Intel Security.

Anything that makes it less likely users will update Flash seems like a bad idea, especially when we’re talking about a program that often needs security fixes more than once a month.

From http://redirect.viglink.com?u=http%3A%2F%2Fkrebsonsecurity.com%2F2016%2F06%2Fadobe-update-plugs-flash-player-zero-day%2F&key=ddaed8f51db7bb1330a6f6de768a69b8

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s