Adobe Systems has once again rushed out an emergency patch to plug a security hole in its widely installed Flash Player software, warning that the vulnerability is already being exploited in active attacks in the wild.
Adobe said a “critical” bug exists in Flash versions 21.0.0.197 and lower (older) across a broad range of systems, including Windows, Mac, Linux and Chrome OS. Find out if you have Flash and, if so, what version by visiting this Adobe Version Checker link.
In an Adobe security advisory, the software maker said it is aware of reports that the vulnerability is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version 20.0.0.306 and earlier.
Adobe said additional security protections built into Flash versions 21.0.0.182 and newer should block this flaw from being exploited. But even if you’re running one of the newer versions of Flash with the additional protections, you should update, hobble or remove Flash as soon as possible.
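For anyone sorting a fleet of machines by urgency, here is a short Python sketch that applies the three version cut-offs quoted above. It is an added example, not Adobe's tooling or code from the advisory; the status labels, host names and inventory rows are constructed, and because the fixed build number is not given here, anything above 21.0.0.197 is only reported as outside the affected range.

```python
# Added example: thresholds are the article's; inventory rows are constructed.
AFFECTED_MAX = (21, 0, 0, 197)    # "21.0.0.197 and lower" are vulnerable
EXPLOITED_MAX = (20, 0, 0, 306)   # exploited in the wild at or below this...
EXPLOITED_OS = {"windows 7", "windows xp"}   # ...on these systems
MITIGATED_MIN = (21, 0, 0, 182)   # extra protections from this version on

# Patch order, most urgent first (labels are this example's own).
PRIORITY = ["affected-exploited-in-wild", "affected",
            "affected-mitigated", "above-affected-range"]


def parse_version(text):
    """Turn '21.0.0.197' (or '21,0,0,197') into a tuple of four ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(os_name, version_text):
    """Classify one install against the version ranges quoted in the article."""
    v = parse_version(version_text)
    if v > AFFECTED_MAX:
        # The article does not name the fixed build, only the affected ceiling.
        return "above-affected-range"
    if v <= EXPLOITED_MAX and os_name.strip().lower() in EXPLOITED_OS:
        return "affected-exploited-in-wild"
    if v >= MITIGATED_MIN:
        return "affected-mitigated"   # still in the affected range; update anyway
    return "affected"


def patch_order(inventory):
    """Return (host, status) pairs sorted so the riskiest hosts come first."""
    rows = [(host, triage(os_name, ver)) for host, os_name, ver in inventory]
    return sorted(rows, key=lambda row: PRIORITY.index(row[1]))


INVENTORY = [  # constructed sample data
    ("fin-03", "Windows 10", "21.0.0.182"),
    ("kiosk-1", "Windows XP", "21.0.0.97"),   # numerically below 21.0.0.182
    ("dev-12", "Linux", "11.2.202.100"),
    ("hr-07", "Windows 7", "20,0,0,306"),
]

if __name__ == "__main__":
    for host, status in patch_order(INVENTORY):
        print(f"{host:8} {status}")
```

Comparing the versions as integer tuples matters: as plain strings, "21.0.0.97" sorts after "21.0.0.197" and would be misread as a newer build.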
The smartest option is probably to ditch the program once and for all and significantly increase the security of your system in the process. I’ve got more on that approach (as well as slightly less radical solutions) in A Month Without Adobe Flash Player.
Additional reading on this vulnerability:
Kafeine’s Malware Don’t Need Coffee Blog on active exploitation of the bug.
Trend Micro’s take on evidence that thieves have been using this flaw in automated attacks since at least March 31, 2016.