Photo
Photo credit: Adobe

Yesterday, Adobe released a new security update initially intended to patch a zero-day security flaw in Flash – but mere hours after releasing the patch, Adobe admitted that hackers have already figured out how to work around it. Adobe is not scheduled to release the newest security update until Jan. 26, so until then your safest course of action might be to disable Flash altogether.

The zero-day vulnerability was first discovered and reported earlier this week by the security blog Malware Don't Need Coffee. But Adobe also investigated (and eventually confirmed) reports that hackers might already have figured out ways to work around the update, and continue exploiting the vulnerability.

In tech-speak, a “zero-day” threat is one that exploits a previously unknown vulnerability; since nobody (other than bad-guy hackers) knew about the security hole, nobody's had time to patch it, and so zero days pass between the discovery of the vulnerability and the discovery of the attack.

Adobe's Jan. 22 Security Bulletin says that the exploit affects Adobe Flash Player 16.0.0.257 and earlier versions; Adobe Flash Player 13.0.0.260 and earlier 13.x versions; and Adobe Flash Player 11.2.202.429 and earlier versions for Linux. If you don't know which version you have, you can find out by clicking here.

However, rather than worry about which still-vulnerable version of Flash you have, you might be better off disabling it altogether until at least next Monday, when the next patch is released.

For instructions how to disable Flash in Chrome, click here. For Internet Explorer, click here. Chick here for Firefox.

Thus far, the vulnerability doesn't seem to affect Macs, but Mac users might want to disable Flash on Safari just in case.


Share your Comments