The vulnerabilities affect those using the plugin in Windows, Mac, and Linux, including those versions provided in browsers like Chrome. And at least one of these bugs is currently known to those who walk on the darker side of the Web, with Adobe saying that the patch fixes an exploit that is being used in “limited, targeted attacks.”
While that exploit is singled out as particularly nasty since it can be triggered simply by visiting the wrong website, the rest could be just as dangerous. The vulnerabilities include “13 use-after-free vulnerabilities, four memory corruption vulnerabilities, and one type-confusion vulnerability,” as noted by CSO.
If you’re running anything earlier than Flash version 20.0.0.267, you’ll need to update. If you aren’t sure, head over to Adobe’s About Flash Player page, which will show you the version you’re running. The security bulletin issued by the company provides instructions on how to update the software.
This is far from the first time this year that such a patch has been released. Earlier this year we reported that the Italian spyware firm Hacking Team had itself been hacked. Among the files distributed as a result were multiple major security flaws in Flash that the group had kept to itself in order to use in its work.
These types of vulnerabilities, along with improvements in various alternative Web technologies, have led to many companies deciding to abandon Flash as a whole. Several sites including YouTube have dropped Flash in favor of HTML5 video, while in July, Facebook’s security chief called for Adobe to set an end-of-life date for the aging technology.
It seems that 2015 may have been the beginning of the end for Flash, but what does 2016 hold in store?
