Adobe confirms critical vulnerability affecting Flash across all platforms

midian182

Staff member

Just one day after releasing its monthly security update, Adobe has confirmed through a bulletin on its website that it has discovered a new “critical vulnerability” in Flash Player that affects versions running on Windows, Mac and Linux operating systems. The exploit can cause systems to crash and allow hackers to take control of them.

Adobe said it will issue a security update next week to address the plug-in’s vulnerability, which it has labelled CVE-2015-7645. Until the fix is released, anyone who has Adobe Flash Player installed on their machines may find removing it is the only way to guarantee their PC’s security.

“Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks. Adobe expects to make an update available during the week of October 19,” the company wrote on its website.

Cyberespionage group Pawn Storm has been using the new Flash exploit in their latest campaign. The group sent spear phishing emails to several foreign ministries around the world which contained links leading to the vulnerability, according to Trend Micro.

Flash was once the standard for internet video, casual games and any kind of animation. At the height of its popularity it ran on 800 million cell phones manufactured by 20 handset makers, although it was famously never supported on Apple’s mobile devices. Steve Jobs launched a high profile attack on Flash in 2010, calling it a “CPU hog” and full of “security holes.” The plug-in’s popularity is falling by the day; only 20 percent of sites now use Flash content (counting ads), compared with 50 percent in 2011.

News of this latest vulnerability in Adobe’s software will doubtlessly provide more ammunition to those in the tech community who are calling for Flash to be permanently retired. Adobe has so far ignored these calls, but every new exploit discovered is another nail in Flash’s coffin. You can download the new patched version of Flash right here.


 
I don't even think I have Flash installed, haven't needed it in years. Flash is dying too slow a death, we just need to take it out back and put it down.
 
I don't even think I have Flash installed, haven't needed it in years. Flash is dying too slow a death, we just need to take it out back and put it down.

Flash died the moment HTML5 hit the web. It's an animated corpse at this point.
 
"Anyone who has Adobe Flash Player installed on their machines may find removing it is the only way to guarantee their PC’s security."

agreed
 
Let us all unite to quickly kill this unsecured plugin. Once it is gone, all sites would move to html5 for sure.
 
I have been running with Flash disabled for ages now. I have found virtually everything I need works just fine without it. Occasionally I switch it back on to stream a film but that's about it.
 
I haven't used Flash for a few months now (thanks to whomever posted the uninstall link). The only thing that I can't use is Pandora - no other issues at all.
and life is good
 
"Anyone who has Adobe Flash Player installed on their machines may find removing it is the only way to guarantee their PC’s security."

agreed

"Anyone who is connected to the internet may find that disabling their internet connection is the only way to guarantee their PC's security."

agreed.

But let's focus exclusively on Flash just for kicks and giggles.
 
Adobe clings to Flash like dead skin cells that won't go away. Just kill it already. HTML 5 is on the rise, and Flash will be relegated to the dustbins of computer history.
 
I have Flash uninstalled since a few months ago, but I run a basic VM with Flash installed for viewing multimedia content outside of Youtube. Flash is as insecure as Android is, since almost 9 out of 10 Android devices fall under the "insecure" category.
 
If you chose the option not to include Chrome, you get a download that doesn't include Chrome. It is not like other sites where you have no choice but to download the bundle and then opt out during install. Adobe gives the option to or not to download the bundle.
I use Chrome browser so when it automatically updates it must update the Flash player as well because it's baked in. If you install Chrome from Google's site you don't have the option to opt out of any additional packages but you can disable them within Chrome settings, I'm not sure about the Flash player though.
Truth be told, who actually knows which sites use HTML 5 or Adobe Flash? I certainly don't.
P.S. I've just checked now and it can be disabled but I won't bother, I don't visit shady sites anyway. The shadiest site I visit is TS and it's shady only because I'm a member ;):D
 
I use Chrome browser so when it automatically updates it must update the Flash player as well because it's baked in. If you install Chrome from Google's site you don't have the option to opt out
I think I misread your question, thinking it was referring to Adobe bundling Chrome in the Flash installer. I couldn't say what Chrome bundles in their installer.
 