Just one day after releasing its monthly security update, Adobe has confirmed through a bulletin on its website that it has discovered a new “critical vulnerability” in Flash Player that affects versions running on Windows, Mac and Linux operating systems. Exploiting the flaw can cause systems to crash and allow hackers to take control of them.
Adobe said it will issue a security update next week to address the plug-in’s vulnerability, which it has labelled CVE-2015-7645. Until the fix is released, anyone who has Adobe Flash Player installed on their machines may find removing it is the only way to guarantee their PC’s security.
“Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks. Adobe expects to make an update available during the week of October 19,” the company wrote on its website.
Cyberespionage group Pawn Storm has been using the new Flash exploit in its latest campaign. According to Trend Micro, the group sent spear-phishing emails to several foreign ministries around the world, containing links that led to the exploit.
Flash was once the standard for internet video, casual games and any kind of animation. At the height of its popularity it ran on 800 million cell phones manufactured by 20 handset makers, although it was famously never supported on Apple’s mobile devices. Steve Jobs launched a high-profile attack on Flash in 2010, calling it a “CPU hog” and full of “security holes.” The plug-in’s popularity is falling by the day; only 20 percent of sites now use Flash content (counting ads), compared with 50 percent in 2011.
News of this latest vulnerability in Adobe’s software will doubtlessly provide more ammunition to those in the tech community who are calling for Flash to be permanently retired. Adobe has so far ignored these calls, but every new exploit discovered is another nail in Flash’s coffin. You can download the new patched version of Flash right here.