
Decision time: Uninstall Adobe Flash or install yet another critical patch

Hacking Team vulnerability fixed for Windows, OS X and Linux machines

Adobe has issued yet another update for Flash Player to patch a critical vulnerability revealed in documents leaked from spyware maker Hacking Team.

The update patches 36 CVE-listed flaws, including Hacking Team's CVE-2015-5119 bug – which can be exploited by a malicious Flash file to run malware on a victim's system. Some of the other 35 programming cockups also allow hackers to pull off remote-code execution attacks on vulnerable computers.

Users of Flash Player for Windows, OS X, and Linux are all advised to update to the latest version of Flash, though the update is only considered a top priority for Windows and OS X users. The CVE-2015-5119 bug is being exploited in the wild right now by crims, who are using the flaw to infect people's PCs.

An alternative is to just uninstall or disable the plugin, which has been riddled with security holes for years, or tell your web browser to only run Flash files if you right-click over them and select "run this plugin" (it's usually called click-to-play).

"These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," Adobe said.

"Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published."

That flaw was made public when a hacker owned the servers of Hacking Team, an Italian surveillance-ware developer. Along with the exploit code, the leaked data showed a list of government regimes that had purchased and asked for support on spyware tools.

The patched software will include Flash Player for Windows and OS X 18.0.0.203, Flash Player Extended Support Release 13.0.0.302, Flash Player for Linux 11.2.202.481, Flash Player for Chrome 18.0.0.203 (Windows/OS X) and 18.0.0.204 (Linux), Flash Player for Internet Explorer 18.0.0.203, and Flash AIR 18.0.0.180.

Users are entirely justified in getting a sense of deja vu on this latest update. The Adobe fix comes just a couple of weeks after Adobe issued another emergency patch for Flash Player. Infosec bods have suggested that, in many cases, users and administrators would be better off deleting or disabling Flash Player than having to deal with the constant updates. ®

 
