Security firm Trend Micro has pointed out an unscheduled patch for Adobe Flash Player that fixes a zero-day vulnerability in the aging software. The patch addresses versions 220.127.116.11 and older released before October 11 for the Windows and Macintosh platforms, and versions 18.104.22.1687 and earlier for Linux. The firm urges all Flash Player users to update the installed software immediately to keep hackers from gaining access to their PCs.
The vulnerability is designated as CVE-2016-7855, and enables hackers to run malicious code on a target PC using a Flash file. In turn, this code can install various threats in the PC’s system that eventually can grant the hacker full control. Adobe’s security bulletin lists the problem as “critical,” meaning there is a possibility malicious code could be executed through the Flash vulnerability without the target user being aware of any problem.
As per the bulletin, hackers are exploiting the vulnerability in limited, targeted attacks. The affected machines are based on Windows 7, Windows 8.1, and Windows 10. There is no sign that Linux machines are also being targeted, but Adobe is updating Flash Player for that platform nonetheless, as well as Apple’s Mac devices.
“The built-in update mechanism of Flash will either automatically install the update or prompt the user to do so,” Trend Micro reports. “The versions of Flash that are integrated into Google Chrome and Microsoft Edge/Internet Explorer will receive updates via the update mechanisms of those browsers.”
Web surfers not sure about what version of Flash Player they are using can check the version number by heading here to allow Adobe’s website to scan the locally installed software. Users can also right-click on a webpage’s many Flash components and select “About Adobe (or Macromedia) Flash Player” from the menu. Users should do this for every browser installed on the PC.
The new update will bring Adobe Flash Player up to version 22.214.171.124 for Windows/Mac/Chrome OS, and up to version 126.96.36.1993 for Linux. It revises the Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome (and Chrome OS), Adobe Flash Player for Internet Explorer and Microsoft Edge, and Adobe Flash Player for Linux.
This latest patch highlights the need to move away from using Adobe Flash on the web. Although it transformed a plain, GIF/JPG-embedded internet into an interactive multimedia experience, the software has also been the target of hackers as they seek to infiltrate connected devices. Vulnerabilities continue to appear, hackers continue to take advantage of them, and Adobe seems to be working around the clock just to plug in the budding security holes.
HTML5 has become the new internet standard, enabling rich multimedia experiences without web surfers needing to install software outside the browser. Even Adobe is pushing to move beyond the aging Flash platform, and will probably have a lot more time on its hands once Flash is fully phased out.
Until then, web surfers will need to endure the production line of Flash Player security patches as they roll out.