Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customise your settings, hit “Customise Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

Kill Flash now. Or patch these 36 vulnerabilities. Your choice

One bug being exploited right now in the wild


Adobe has released an update for Flash that addresses three dozen CVE-listed vulnerabilities.

The update includes a fix for the CVE-2016-4171 remote code execution vulnerability that is right now being exploited in the wild to install malware on victims' computers.

Adobe is recommending that users running Flash for Windows, macOS, Linux, and ChromeOS update the plugin as quickly as possible, giving the update the "Priority 1" ranking, a designation reserved for flaws that are, according to Adobe, "being targeted, or which have a higher risk of being targeted."

Adobe credited security researchers at Cisco Talos, Google Project Zero, FireEye, Microsoft Vulnerability Research, Tencent PC Manager, Kaspersky, Pangu Lab, and Qihoo 360 Codesafe Team with reporting the 36 flaws.

For Windows, macOS and ChromeOS (as well as the Chrome browser), the updated version will be 22.0.0.192. The latest version of Flash Player for Linux is 11.2.202.626 and Flash Player Extended Support will get version 18.0.0.360.

The update comes just days after Adobe posted its June security update to address vulnerabilities in Flash as well as Cold Fusion, Creative Cloud, and Brackets.

The release also comes as more software makers are opting to exclude Flash from their browsers. Apple said Safari will be disabling Flash by default, joining the ranks of Google Chrome in opting for HTML5 content rather than Flash code, due to the large volume of security flaws present in the widespread browser plugin.

Both of the Flash-less versions of Chrome and Safari are due to be released under general availability later this year. You should set your browser to run Flash content only when you specifically allow it – so-called click-to-run – to prevent drive-by exploitation of these flaws. ®

Similar topics


Other stories you might like

  • Microsoft report says many employees are stuck on oldy-mouldy computers and should probably be upgraded

    What was that, Brad Smith? You're at climate summit COP26 talking about sustainability plans? You're breaking up... Going in a tunnel

    Microsoft published a report today that highlights the "problem" of users sticking with ageing devices.

    It's all in the name of productivity, of course, as the company pointed to a potential gap between staff using old kit compared to those with newer computers as remote working becomes the norm for more employees.

    The report, titled "Device Decisions", ponders changing considerations in the IT workplace, and found that two-thirds of employees with a company laptop were still using the same kit they had at the start of the pandemic. That just won't do. "More than a third of employees who received new devices since the onset of COVID-19 reported a resulting increase in their productivity," said Microsoft.

    Continue reading
  • Angular 13 arrives: Ivy everywhere, View Engine and IE11 support cut

    Cruft removed to improve performance

    Version 13 of the Google-sponsored Angular JavaScript framework is here and the old View Engine renderer is gone, as is IE11 support, making Angular faster and smaller.

    The latest release is as notable for what has been cut out as for what is included. Google developer relations engineer Mark Thompson said the deprecated View Engine, the old Angular compilation and rendering engine, is no longer available. According to Thompson, this means "teams can look forward to faster compilation because metadata and summary files are no longer included."

    The current rendering engine, called Ivy, is now used everywhere and is being further improved and optimized. This allowed the modernization of the Angular Package Format (APF) and less use of the compatibility compiler ngcc, as well as simplification of the component API, resulting in more concise code.

    Continue reading
  • Imagination mulls adding DirectX to its GPU roadmap amid customer interest

    For now, here's an IMG CXT processor with real-time ray-tracing abilities

    Imagination Technologies says supporting DirectX is becoming a bigger consideration for the company when it comes to designing GPUs.

    "We've definitely been speaking to a lot of customers around DirectX; it's something that, looking forward, for sure [is] for the roadmap. Obviously it's a big investment, and something that our customers clearly think is very important," Andrew Girdler, product manager at Imagination, told The Register.

    The design house's heritage is in embedded and mobile graphics processors, particularly for Android devices and other Linux-based systems. Support for DirectX, which is the primary low-level graphics and multimedia framework used by games on Windows, is becoming a consideration as Imagination tries to break through into the PC market with more capable GPUs.

    Continue reading

Biting the hand that feeds IT © 1998–2021