Critical security holes keep being found in Adobe Flash Player. Have you updated yours yet?
One of the favourite pieces of software for malicious hackers to target on users’ computers is Adobe Flash Player.
I'm being promoted a few times a day by Adobe to update the Flash player, and when checking in System Preferences there is indeed an update to be done. How to Update Adobe Flash in Chrome Browser Jul 11, 2017 - 7 Comments The Chrome web browser is perhaps best suited for running Adobe Flash because Chrome sandboxes the Flash player plugin, making it a bit more secure. IMO, Adobe Flash has only gotten worse and worse over time. The majority of the responsible sites are moving away from Flash, and it is still an incredible security risk, and extremely vulnerable. It was said Adobe Flash Player was easy access for intrusion? And Mac platforms. Advertise on MacRumors.
Why? Well, there are a few reasons.
Firstly, Adobe Flash Player is on an awful lot of computers. Many users may have installed it long ago in order to access Flash-based media content online, such as videos. Malicious hackers can rely upon a large number of people having Flash installed, making it a target for attack.
Secondly, the version of Adobe Flash Player installed on your computer may be out-of-date. Users may have failed to configure updates properly, or chosen to ignore reminders to update the software promptly when a new security update is released. There’s only one thing more attractive to a malicious hacker than widely-used ubiquitous software, and that’s widely-used ubiquitous software that hasn’t been kept updated with the latest patches.
It doesn’t matter if a hacker doesn’t have a zero-day exploit to throw at your Adobe Flash Player if you haven’t been bothering to keep it protected against known vulnerabilities.
Thirdly, there has been a long history of malicious hackers finding critical security holes in Adobe Flash Player, and building their attacks into exploit kits for anyone to deploy. Flash is closed, proprietary software controlled by Adobe and it has been plagued with software vulnerabilities and serious flaws over many years. Quite why Flash has been targeted so often is open to some debate, but the mere fact that it has suggests that it will continue to be for some time to come.
The upshot of this is that when Adobe releases new security patches for Adobe Flash Player, it would be very sensible indeed for its users to sit up and take notice.
Earlier today Adobe issued a security advisory detailing updates it has released for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.
The updates are said to address critical vulnerabilities that could allow an attacker to penetrate a vulnerable system, allowing a remote attacker to execute code on a victim’s computer and take control over the device.
Adobe recommends that users of the Adobe Flash Player Desktop Runtime for Windows, Macintosh and Linux update to Adobe Flash Player version 26.0.0.137 as soon as possible. You can do this either by visiting the official Adobe Flash Player download page, or ensuring that Flash’s global settings are set to “install updates automatically when available”.
Even with that option enabled you may be disappointed to find that security updates are not immediately available to you, and – rather than wait – prefer to manually force an update instead.
Things are a little simpler for those who rely upon the Adobe Flash Player code integrated with the Google Chrome and Microsoft Edge browsers, as they should be automatically updated to the latest version as the browser itself updates.
The best approach of all, of course, if you want to permanently secure your computers and devices against Flash flaws is the nuclear option: uninstall Flash from your computer. Or – if you just need Adobe Flash for very specific websites or bespoke applications – have Flash installed on an alternative browser rather than the one you regularly use to surf the web.
If you’re not quite ready to take the step of entirely uninstalling Flash, then you should at the very least consider enabling “Click to Play”, which stops Flash elements from being rendered in your browser unless you give specific permission.
Discussion
Adobe this week released Flash Player version 24.0.0.221 to 'address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,' including Mac, Windows, Linux, and Chrome OS. Mac users with Flash Player version 24.0.0.194 or earlier installed should immediately update to the latest version using the built-in update mechanism. The update is also available from the Adobe Flash Player Download Center. Flash Player users who had enabled the option to 'allow Adobe to install updates' will receive the update automatically. Likewise, Google Chrome will automatically update Flash Player to version 24.0.0.221. Select 'About Google Chrome' under the Tools menu to verify the browser is up-to-date. Adobe said the critical security update resolves integer overflow, memory corruption, type confusion, heap buffer overflow, and use-after-free vulnerabilities that could lead to code execution. The vulnerabilities were reported by security teams from Google, Microsoft, Palo Alto Networks, and Trend Micro. Safari on macOS Sierra deactivates Flash by default, only turning on the plug-in when user requested. Chrome, Firefox, and most other modern web browsers also have web plug-in safeguards in place due to repeatedsecurity risks. Adobe has released fifteen Flash Player security updates over the past year. In 2010, Apple co-founder Steve Jobs shared his 'Thoughts on Flash,' in which he favored open web standards such as HTML5 over Adobe Flash. Jobs said Flash Player was 'the number one reason Macs crash,' while criticizing its performance on mobile devices. 'Flash was created during the PC era – for PCs and mice,' he opined.
Guides
Upcoming
Front Page Stories
Adobe Flash Player For Mac Os X
Disney+ Will Offer up to Four Simultaneous Streams and 4K Content for $6.99 a Month
Apple Contractors Listened to 1,000+ Siri Recordings Per Shift
3 days ago on Front Page
The Most Interesting Features in Samsung's New Galaxy Note 10+ Flagship Smartphone
3 days ago on Front Page
Health and Activity: What's New in iOS 13
3 days ago on Front Page
ZENS Unveils AirPower-Like Wireless Charger With 16 Coils to Charge Two Devices Anywhere on Mat
3 days ago on Front Page
HomePod Launches in Japan and Taiwan [Updated]
3 days ago on Front Page
Apple Debuts New iCloud.com Beta Site With Fresh Look, Reminders App
3 days ago on Front Page
Bose Announces AirPlay 2-Equipped Portable Home Speaker
4 days ago on Front Page
• Law Firm Capitalizes on Reports Apple's iPhones Exceeded Radiofrequency Radiation Safety Levels in Some Tests(167)
• Android 10 Announced as Google Drops Dessert-Inspired Names(239)
• 2019 iPhones Said to Have Improved Shatter Resistance, Multi-Angle Face ID That Works Flat on Tables(235)
• Powerbeats Pro in Ivory, Moss, and Navy Now Available for Pre-order(55)
• Apple Shares Details on Cleaning and Protecting Your Apple Card in New Support Document(417)
Adobe Flash Player Update For Mac
• Chicago Tribune Claims iPhone Radiofrequency Radiation Levels Measured Higher Than Legal Safety Limit in Tests(182)
• Samsung Created a Bunch of Pro-Green Bubble GIFs to Get Back at iPhone Users Who Prefer Blue Chat Bubbles(228)