Stop us if you've heard this one before, but if you're still a Flash Player holdover, update it now! Adobe rushed an emergency patch yesterday to fix a zero-day vulnerability that is already being exploited by hackers.
Adobe hasn't disclosed how it is being attacked, but according to the company's security bulletin, this vulnerability, CVE-2016-7855, is a use-after-free flaw that could potentially allow a hacker to take remote control of your computer through Flash. The scary part is that, because it is a zero-day vulnerability, hackers were already targeting computers before Adobe knew about the flaw.
According to the bulletin:
"Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10."
Although the company is classifying the zero-day attacks as limited to Windows machines, the affected software includes the Flash Player for Google Chrome on Windows, Mac and Linux, as well as for Microsoft's Edge browser and Internet Explorer 11.
The flaw was reported by the Google Threat Analysis Group led by Neel Mehta and Billy Leonard, the same team that discovered the Heartbleed Android bug from a few years back.
Emergency patches for Flash are nothing new to Adobe. The company has been plugging zero-day flaws regularly, and this is, in fact, its fourth emergency patch this year.
With web browsers blocking and eliminating Flash content, and tech companies like Apple, Microsoft, Google and even Adobe itself decidedly eager to move on and bury this outdated web standard, it's high time you disabled Flash on your computer.
A few major websites (HBO Go, Spotify, Pandora, etc.) still use Flash, so if you are still using this dying web plugin, here's how you update it.
For Chrome, Internet Explorer 11, and Microsoft Edge browsers, the updates should be applied automatically after a restart. For other browsers, you may need to update the Flash plugin manually.
Here are the updated versions for each affected system and the download links:
Update to Chrome Flash Player 18.104.22.168 by downloading the official release here.
Adobe Flash Player for Microsoft Edge and Internet Explorer 11, version 22.214.171.124, is in Microsoft's Security Advisory for Flash.
For Linux, you can get Adobe Flash Player for Linux from Adobe's Flash Player Download Center.