Adobe this week revealed yet another critical vulnerability in Flash that affects Windows, Mac, and Linux systems. The exploit can allow a hacker to cause a crash and take control of your system.
This exploit comes on the heels of the company releasing several patches (69 to be exact) earlier in the week for Flash, Reader, and Acrobat.
According to the Adobe Security Bulletin:
A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.
UPDATE: Adobe expects updates to be available as early as October 16.
Update 10/16/2016: Adobe has indeed patched this latest exploit. However, to protect yourself from the inevitable future vulnerabilities, I recommend implementing the following steps.
Help Protect Your Computer from Flash Exploits
We all know that Flash is going the way of the dinosaur, and the best way to protect your system is to uninstall Adobe Flash completely. Unfortunately, that option might not be realistic for a lot of users.
But what you can do is manage when Flash is used by setting up the Click to Play option for it in your browser(s). With it enabled, your browser won’t automatically start rendering potentially malicious Flash content. It puts you in control of authorizing what is or isn’t displayed.
For most browsers, you can find an add-on that will block Flash for you, but you can also do it manually. Here’s a look at doing it in the big three.
In Chrome open Settings and then select Show advanced settings. Scroll down and click Content settings under the Privacy section.
Scroll down to Plug-ins and then check Let me choose when to run plugin content.
In Firefox, the easiest method is to install the Flashblock add-on. But to do it manually, head to Tools > Add-ons and select Plugins.
Scroll down and find Shockwave Flash and change the option to Ask to Activate.
Of course, in IE disabling Flash is the clunkiest…anyway…go to Tools > Manage add-ons.
Then select All add-ons from the dropdown menu under Show.
Next click Remove all sites at the bottom and close out of the settings.
Disabling Flash in IE is kind of an all or nothing deal. When you reach a site with Flash content, you can either allow it to run on the entire site or not.
When you get to a site with Flash content in Firefox or Chrome, you’ll see that it has been blocked. Then choose if you want to run it or not.
Now you have control over when Flash content plays, no matter which browser you’re using.
The Demise of Flash Continues
When it comes to vulnerabilities, Adobe Flash has more security holes than Swiss cheese. Remember when Steve Jobs wrote an open letter about his disdain for Flash? That was back in 2010, and yet it still exists out there.
Tech companies are doing their best to take steps to eliminate it, too. Here are just a few examples:
Google has officially killed off Flash ads in Chrome. Google AdWords makes it possible to automatically convert ads created with Flash to HTML5, the safe and reliable format that is replacing Flash.
Amazon has banned Flash ads, and it is blocked on most modern mobile device platforms. In fact, on mobile, you need to go through a lot of hoops just to view Flash content.
There is even an Occupy Flash movement with the goal of ridding the world of the Flash Player plugin.
If uninstalling Flash isn’t a viable option for your situation, enabling the Click to Play feature in your browser is your best bet. And, of course, always make sure you’re running the most up-to-date version.
After implementing this, you’ll be surprised how much Flash is still out there. You’d think a lot of prominent sites had done away with it, but it’s still around.