Just two days after this month’s Adobe Patch Tuesday, the company published an emergency fix for Flash.
Dubbed APSB16-08, the update didn’t make it out on Tuesday, but it fixes 23 CVE-labelled vulnerabilities, so make sure you don’t miss it when you roll out updates for Adobe Flash Player and your other patches.
The bugs fixed in this release include holes that “could potentially allow an attacker to take control of the affected system,” according to Adobe.
One of the vulnerabilities, denoted as CVE-2016-1010, is “being used in limited, targeted attacks,” according to Adobe, and therefore qualifies as more than just a potentially exploitable hole.
We’d love to be able to tell you what sort of cyber-attacks were being launched using this new exploit, and how much damage they were able to do, but we aren’t yet sure because no one is actually saying anything about what they know to be happening.
This sort of “silent period” might seem both frustrating and dangerous – if you think that knowledge is power – but according to Ars Technica, the attacks were spotted by Kaspersky Lab and are being kept quiet for now, presumably because they have been reported to law enforcement.
What to do?
- Patch Flash now if you have it installed, or check that your auto-update has run if you are set up for that.
- Configure Flash in your browser so it asks you first before running.
Better still, have you considered uninstalling Flash completely? Even if you only do this for a short while, you can see whether you can live without it.
Remember that Apple iPhone users have lived without Flash since the iPhone first came out. If Flash were removed, the content would be provided by more secure means, such as HTML5.