Skip to main content
  1. Home
  2. Computing
  3. Web
  4. News

Adobe desperately patches more holes in the sinking ship that is Flash

Brad Bourque
By

adobe finds another critical flaw in flash stock scott braut
It seems like not a week goes by that Adobe’s aging Web platform doesn’t run into some sort of critical issue. In this case, Adobe has identified 18 vulnerabilities in the current version of Flash, one of which is already being exploited out on the Web.

Adobe groups the vulnerabilities into four different categories: integer overflow, use-after-free, heap overflow, and memory corruption. While the specifics of how these vulnerabilities are exploited is a technical subject best left for another day, what is important is the end goal. Attackers typically hide malicious code behind a Flash ad or interaction, and then use one of these errors to execute code your system believes is a proper Flash file.

The most prominent of these errors is corrected by update CVE-2016-1010, and is the only one Adobe identified in limited use already. The notes at the bottom credit Anton Ivanov of Kaspersky Labs in relation to this vulnerability, but not whether Ivanov discovered or proposed a solution to it.

Thankfully, Adobe has already rolled out a hot fix for these issues, and recommends updating to the desktop runtime version 21.0.0.182 for both Windows and Mac OS X. Users who rely on the Flash plugins built into browsers can sleep easy, Microsoft Edge, Chrome, and Internet Explorer all have an automatic update that will patch the new holes in the wall.

This should all sound familiar. In the final days of 2015, Adobe rolled out a patch that corrected (I can’t make this stuff up) 18 critical vulnerabilities, one of which was known to already be in use by attackers out in the world. It’s far from the first time either, as Flash is becoming more well known for exploits than anything else nowadays.

It should be abundantly clear at this point to the savvy Web surfer that Adobe Flash is bad news. It used to be the standard, but in the last few years has fallen into a state of shabby disrepair, and is all too often exploited by hackers, malware, and those who would challenge the safety of the friendly Internet. YouTube and other video streaming services have moved towards HTML5, Facebook’s head of security wants an end-of-life date for the platform, and all of Google’s ads will be heading the same way within the next two years.

Now is the time to stand up to broken, vulnerable software and demand better from the Internet. Uninstall today, and join the revolution.

Editors' Recommendations

Malwarebytes resolves error that was blocking Google this morning
malwarebytes shows av firms failing customers keyboard virus mem2
This beloved TikTok hashtag just got its own app feature
The TikTok app on a smartphone's screen. The smartphone is sitting on a white table.
Windows 11 2022 Update: the best new features to try out today
Android Apps on Windows 11
Windows 11 vs. Windows 10: Finally time to upgrade?
Windows 11 and Windows 10 operating system logos are displayed on laptop screens.
Best laser printer deals: Save on Brother and Canon today
A person uses a smartphone to print something with a Brother MFC-L2710DW wireless monochrome laser printer on an office table.
The best gaming laptops in 2022
2019 Razer Blade Pro 17
The best Wi-Fi 6 routers for 2022
The Nighthawk RAXE300 on a tabletop in a home.
The best Chromebooks for 2022: great choices at every price point
Close up of the Chrome logo on the top of a Chromebook.
Best Chromebook deals for October 2022
Google Meets on an HP Chromebook.
Best HP Envy deals for October 2022
An HP Envy 17-inch laptop sits on an office desk.
Best desktop computer deals for October 2022
The HP Pavilion desktop computer accompanied by two gaming monitors and a colorful gaming keyboard.
Best VPN deals and sales for October 2022
A close-up of a computer monitor displaying a generic VPN.
Best refurbished laptops deals and sales for October 2022
microsoft surface laptop go 2020 on desk