Kill Flash now. Or patch these 36 vulnerabilities. Your choice

One bug being exploited right now in the wild


Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities.

The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers.

Adobe is recommending that users running Flash for Windows, macOS, Linux, and ChromeOS update the plugin as quickly as possible, giving the update the "Priority 1" ranking, a designation reserved for flaws that are, according to Adobe, "being targeted, or which have a higher risk of being targeted."

Adobe credited security researchers at Cisco Talos, Google Project Zero, FireEye, Microsoft Vulnerability Research, Tencent PC Manager, Kaspersky, Pangu Lab, and Qihoo 360 Codesafe Team with reporting the 36 flaws.

For Windows, macOS and ChromeOS (as well as the Chrome browser), the updated version will be 22.0.0.192. The latest version of Flash Player for Linux is 11.2.202.626 and Flash Player Extended Support will get version 18.0.0.360.

The update comes just days after Adobe posted its June security update to address vulnerabilities in Flash as well as ColdFusion, Creative Cloud, and Brackets.

The release also comes as more software makers are opting to exclude Flash from their browsers. Apple said Safari will be disabling Flash by default, joining the ranks of Google Chrome in opting for HTML5 content rather than Flash code, due to the large volume of security flaws present in the widespread browser plugin.

Both of the Flash-less versions of Chrome and Safari are due to be released under general availability later this year. You should set your browser to run Flash content only when you specifically allow it – so-called click-to-run – to prevent drive-by exploitation of these flaws. ®
