Kill Flash now. Or patch these 36 vulnerabilities. Your choice

One bug being exploited right now in the wild


Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities.

The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers.

Adobe is recommending that users running Flash for Windows, macOS, Linux, and ChromeOS update the plugin as quickly as possible, giving the update the "Priority 1" ranking, a designation reserved for flaws that are, according to Adobe, "being targeted, or which have a higher risk of being targeted."

Adobe credited security researchers at Cisco Talos, Google Project Zero, FireEye, Microsoft Vulnerability Research, Tencent PC Manager, Kaspersky, Pangu Lab, and Qihoo 360 Codesafe Team with reporting the 36 flaws.

For Windows, macOS and ChromeOS (as well as the Chrome browser), the updated version will be 22.0.0.192. The latest version of Flash Player for Linux is 11.2.202.626 and Flash Player Extended Support will get version 18.0.0.360.

The update comes just days after Adobe posted its June security update to address vulnerabilities in Flash as well as ColdFusion, Creative Cloud, and Brackets.

The release also comes as more software makers are opting to exclude Flash from their browsers. Apple said Safari will be disabling Flash by default, joining the ranks of Google Chrome in opting for HTML5 content rather than Flash code, due to the large volume of security flaws present in the widespread browser plugin.

Both of the Flash-less versions of Chrome and Safari are due to be released under general availability later this year. You should set your browser to run Flash content only when you specifically allow it – so-called click-to-run – to prevent drive-by exploitation of these flaws. ®
