Slashdot Mirror

← Back to Stories (view on slashdot.org)

Delete Or Update All Adobe Flash Player Instances, Experts Warn (threatpost.com)

Posted by EditorDavid on from the Flash-in-the-pan dept.

An anonymous reader quotes an article from BankInfoSecurity: Security experts are once again warning enterprises to immediately update -- or delete -- all instances of the Adobe Flash Player they may have installed on any system in the wake of reports that a zero-day flaw in the web browser plug-in is being targeted by an advanced persistent threat group.... The bug exists in Adobe Flash Player 21.0.0.242 and earlier versions -- running on Windows, Mac, Linux, and Chrome OS -- and "successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system." Thursday Adobe released an updated version of Flash patching 36 separate vulnerabilities, including the critical vulnerability which "if exploited would allow malicious native-code to execute, potentially without a user being aware." While applauding Adobe's quick response, researchers at Kaspersky Lab say it's already been exploited in Russia, Nepal, South Korea, China, India, Kuwait and Romania, and BankInfoSecurity writes that "The latest warning over this campaign reinforces just how often APT attackers target Flash, thus making a potential business case for banning it for inside the enterprise."

3 of 172 comments (clear)

  1. Well by johnsmithperson123 · · Score: 5, Informative

    Flash is literally a zombie at this point.

    1. Re:Well by 93+Escort+Wagon · · Score: 5, Informative

      Flash is literally a zombie at this point.

      Yeah, I removed the Flash plugin from my computer maybe a year ago. Prior to that, I'd been running ClickToFlash for several years... but then I realized just how infrequently I actually "clicked" to enable anything. Plus Adobe's insistence on installing it for all users, and with admin privileges to boot - really ridiculous, especially given Flash's horrible track record.

      Since Chrome has Flash built in, and since I don't use Chrome as my main browser - if there's ever something Flash-based I actually want to access, I just launch that browser. But I can't remember the last time I actually did that...

      --
      #DeleteChrome
  2. Re:So we're fucked either way? by 93+Escort+Wagon · · Score: 5, Informative

    But if we stick with HTML5-based technologies, then we'll just be more easily tracked by advertisers.

    I am not sure what you based this on - one of Flash's big selling points to advertisers has been just how much info it can provide to them about your browsing habits.

    --
    #DeleteChrome