For the third month in a row, a Flash zero-day vulnerability is being exploited in the wild

Another day, another zero-day vulnerability discovered in Flash - one that’s actively being exploited in the wild. Adobe hasn’t yet released a patch, but it’s promising to do so this week.

For the third month in a row, a zero-day vulnerability needs to be patched by Adobe’s engineers as they scramble to put out a fix for a bug that cybercriminals are exploiting. According to its own security advisory, the bug affects the latest version of Flash, 21.0.0.242 on all systems including Windows, OS X, Linux and Chrome OS.

The vulnerability can be used to trigger a crash in the Flash plugin, after which attackers can take control of the affected system. According to the security firm Kaspersky, which discovered it, the zero-day exploit is already being used in the wild by cybercriminals going after enterprise machines. According to a different report, those running EMET, Microsoft’s Enhanced Mitigation Experience Toolkit, are secure for now.

Adobe is promising to put out a patch this week, maybe even as soon as tomorrow. However, Flash’s security vulnerabilities seem to never end, so customers might simply be better off disabling Flash altogether.

In fact, Apple, Google and Firefox all appear to agree with that assessment, and the companies have taken steps to have Flash disabled by default in their browsers. The latest to jump on this bandwagon was Apple, which is disabling Flash by default in Safari 10, as we reported earlier.

With so many security risks, and companies moving away from the plugin, it’s clear that Flash’s days are numbered.

Source: Adobe, Kaspersky Via: Inquirer
