The update is known as APSB16-08 and was released on March 10 for Windows, Mac, Linux, Google Chrome, Internet Explorer and Microsoft Edge. Browsers should receive the update automatically but users on older platforms may need to manually download the new version.
In a security bulletin on the issue, Adobe said the update addresses “critical vulnerabilities that could potentially allow an attacker to take control of the affected system.” Twenty-three different issues are patched in the update, one of which “is being used in limited, targeted attacks.”
Bug CVE-2016-1010 is an integer overflow vulnerability that can cause Flash to crash and provide attackers with an entry point to the system. They could remotely execute their own code, gaining control of the user’s computer. This exploit is being used by hackers and could affect any user of an unpatched version of Flash.
The vulnerability was discovered by Kaspersky Labs. Adobe hasn’t disclosed details but a representative of the security firm said to Ars Technica: ” Today Adobe released the security bulletin APSB16-08, crediting Kaspersky Lab for reporting CVE-2016-1010. The vulnerability could potentially allow an attacker to take control of the affected system.”
Adobe urges all Flash users to install the new update as soon as possible. The majority of issues have been given a “critical” severity rating, the highest possible, and pose a serious threat if left unpatched.
People with Flash installed on their computer should also consider whether they still need the software installed. Many major websites have now moved away from the aging and insecure technology in favour of more modern alternatives. Users may find they can continue to access their usual sites with the plugin removed.
Adobe’s latest update is by no means the first emergency patch it has had to issue. Flash has been plagued by security problems for years, leading some security experts to advise web users stay away from it entirely.
A similar issue to CVE-2016-1010 was reported last October. A flaw allowed hackers to gain complete control of a target computer, a recurring theme in Flash vulnerabilities. As with the latest discovery, it affected all supported platforms and versions.
Users shouldn’t need to put up with these issues for much longer. A recent report predicted that Flash may be virtually eradicated online by 2018 as faster and safer technologies, integrated directly into web browsers, roll out across the Internet. Even Adobe has begun to distance itself from Flash as security experts, web developers and consumers have become increasingly frustrated with the once-popular technology.
