Skip to main content

Adobe desperately patches more holes in the sinking ship that is Flash

adobe finds another critical flaw in flash stock scott braut
Image used with permission by copyright holder
It seems like not a week goes by that Adobe’s aging Web platform doesn’t run into some sort of critical issue. In this case, Adobe has identified 18 vulnerabilities in the current version of Flash, one of which is already being exploited out on the Web.

Adobe groups the vulnerabilities into four different categories: integer overflow, use-after-free, heap overflow, and memory corruption. While the specifics of how these vulnerabilities are exploited is a technical subject best left for another day, what is important is the end goal. Attackers typically hide malicious code behind a Flash ad or interaction, and then use one of these errors to execute code your system believes is a proper Flash file.

Recommended Videos

The most prominent of these errors is corrected by update CVE-2016-1010, and is the only one Adobe identified in limited use already. The notes at the bottom credit Anton Ivanov of Kaspersky Labs in relation to this vulnerability, but not whether Ivanov discovered or proposed a solution to it.

Please enable Javascript to view this content

Thankfully, Adobe has already rolled out a hot fix for these issues, and recommends updating to the desktop runtime version 21.0.0.182 for both Windows and Mac OS X. Users who rely on the Flash plugins built into browsers can sleep easy, Microsoft Edge, Chrome, and Internet Explorer all have an automatic update that will patch the new holes in the wall.

This should all sound familiar. In the final days of 2015, Adobe rolled out a patch that corrected (I can’t make this stuff up) 18 critical vulnerabilities, one of which was known to already be in use by attackers out in the world. It’s far from the first time either, as Flash is becoming more well known for exploits than anything else nowadays.

It should be abundantly clear at this point to the savvy Web surfer that Adobe Flash is bad news. It used to be the standard, but in the last few years has fallen into a state of shabby disrepair, and is all too often exploited by hackers, malware, and those who would challenge the safety of the friendly Internet. YouTube and other video streaming services have moved towards HTML5, Facebook’s head of security wants an end-of-life date for the platform, and all of Google’s ads will be heading the same way within the next two years.

Now is the time to stand up to broken, vulnerable software and demand better from the Internet. Uninstall today, and join the revolution.

Brad Bourque
Former Digital Trends Contributor
Brad Bourque is a native Portlander, devout nerd, and craft beer enthusiast. He studied creative writing at Willamette…
Turns out, it’s not that hard to do what OpenAI does for less
OpenAI's new typeface OpenAI Sans

Even as OpenAI continues clinging to its assertion that the only path to AGI lies through massive financial and energy expenditures, independent researchers are leveraging open-source technologies to match the performance of its most powerful models -- and do so at a fraction of the price.

Last Friday, a unified team from Stanford University and the University of Washington announced that they had trained a math and coding-focused large language model that performs as well as OpenAI's o1 and DeepSeek's R1 reasoning models. It cost just $50 in cloud compute credits to build. The team reportedly used an off-the-shelf base model, then distilled Google's Gemini 2.0 Flash Thinking Experimental model into it. The process of distilling AIs involves pulling the relevant information to complete a specific task from a larger AI model and transferring it to a smaller one.

Read more
New MediaTek Chromebook benchmark surfaces with impressive speed
Asus Chromebook CX14

Many SoCs are being prepared for upcoming 2025 devices, and a recent benchmark suggests that a MediaTek chipset could make Chromebooks as fast as they have ever been this year.

Referencing the GeekBench benchmark, ChromeUnboxed discovered the latest scores of the MediaTek MT8196 chip, which has been reported on for some time now. With the chip being housed on the motherboard codenamed ‘Navi,’ the benchmark shows the chip excelling in single-core and multi-core benchmarks, as well as in GPU, NPU, and some other tests run.

Read more
Chrome incognito just got even more private with this change
The Chrome browser on the Nothing Phone 2a.

Google Chrome's Incognito mode and InPrivate just became even more private, as they no longer save copied text and media to the clipboard, according to Windows Latest. The changes apply to Windows 11 and 10 users and were rolled out in 2024. However, neither Microsoft nor Google documented it.

Even though this change is not a recent feature, it's odd that neither tech giant thought it was worth mentioning. Previously, the default setting was that when a user saved text or images to the clipboard history, it was synced with Cloud Clipboard on Windows. Moreover, accessing this synced content was as simple as pressing the Windows and V keys, which poses a security risk, especially when using incognito mode.

Read more