
Adobe issues emergency patch for yet another Flash exploit

Have you updated Flash recently? Even if you have, you might want to make sure you’re up to date, as yesterday Adobe issued an emergency patch addressing several critical vulnerabilities that the company says “could potentially allow an attacker to take control of the affected system.”

The vulnerabilities affect those using the plugin in Windows, Mac, and Linux, including those versions provided in browsers like Chrome. And at least one of these bugs is currently known to those who walk on the darker side of the Web, with Adobe saying that the patch fixes an exploit that is being used in “limited, targeted attacks.”

While that exploit is singled out as particularly nasty since it can be triggered simply by visiting the wrong website, the rest could be just as dangerous. The vulnerabilities include “13 use-after-free vulnerabilities, four memory corruption vulnerabilities, and one type-confusion vulnerability,” as noted by CSO.

If you’re running anything earlier than Flash version 20.0.0.267, you’ll need to update. If you aren’t sure, head over to Adobe’s About Flash Player page, which will show you the version you’re running. The security bulletin issued by the company provides instructions on how to update the software.

This is far from the first time this year that such a patch has been released. Earlier this year we reported that the Italian spyware firm Hacking Team had itself been hacked. Among the files distributed as a result were multiple major security flaws in Flash that the group had kept to itself in order to use in its work.

These types of vulnerabilities, along with improvements in various alternative Web technologies, have led to many companies deciding to abandon Flash as a whole. Several sites including YouTube have dropped Flash in favor of HTML5 video, while in July, Facebook’s security chief called for Adobe to set an end-of-life date for the aging technology.

It seems that 2015 may have been the beginning of the end for Flash, but what does 2016 hold in store?

Editors' Recommendations

Kris Wouk
Former Digital Trends Contributor
Kris Wouk is a tech writer, gadget reviewer, blogger, and whatever it's called when someone makes videos for the web. In his…
Oh, look! It’s another patched vulnerability in Adobe’s Flash Player software

Security firm Trend Micro has pointed out an unscheduled patch for Adobe Flash Player that fixes a zero-day vulnerability in the aging software. The patch addresses versions 23.0.0.185 and older released before October 11 for the Windows and Macintosh platforms, and versions 11.2.202.637 and earlier for Linux. The firm urges all Flash Player users to update the installed software immediately to keep hackers from gaining access to their PCs.

The vulnerability is designated as CVE-2016-7855, and enables hackers to run malicious code on a target PC using a Flash file. In turn, this code can install various threats in the PC’s system that eventually can grant the hacker full control. Adobe’s security bulletin lists the problem as “critical,” meaning there is a possibility malicious code could be executed through the Flash vulnerability without the target user being aware of any problem.

Adobe Flash will soon be going the way of the dodo in Google Chrome

Mozilla effectively pulled the plug on Flash last month with the announcement that it would begin to automatically block certain content, and Google Chrome's announcement on Tuesday signaled yet another death knell for Adobe's web plugin. The Mountain View, California-based company announced that by the end of this year, Chrome will no longer display Flash content by default.

The change is a long time coming, really. In June 2015, Google introduced "intelligent pausing" in Chrome, a feature that automatically halted the playback of content, including Flash animations, it deemed "inessential" -- think advertisements and autoplay sidebar videos. In a blog post, Chrome software developer Tommy Li wrote that the feature dramatically sped up web browsing and "significantly [reduced] power consumption." But the choice remained optional: paused content could be resumed with a mouse click.

Firefox will begin blocking specific, unnecessary Flash content, starting in August

The days of a Flash-flooded Internet are seemingly (finally) coming to a close, as Mozilla said in a blog post on Wednesday that starting in August, Firefox will automatically block certain Flash-based, “invisible” content that’s not relevant to the user experience. The list of blocked Flash content that can be replaced with HTML will be small at first to ensure website compatibility. However, this list will grow over time.

Later on in 2016, Mozilla will add to its blacklist the practice of using Flash to check content viewability, which is a method of measuring advertising. According to Mozilla, by blocking this content, Firefox performance will improve, along with device battery life. The company suggests that advertisers who use Flash to measure viewability should switch to the Intersection Observer API, which is based on HTML.
