Researchers Find Another Big Fat Adobe Flash Vulnerability; All Versions Affected


Adobe Flash is doing a great job this week of keeping up its track record as one of the buggiest, least secure, most vulnerable pieces of software ever to hit the web. On the heels of a recent update, researchers have found a massive vulnerability in Flash that affects every single version of the software, on every single platform. So yes, if your computer has Flash, that means you, too.

Security researchers at the firm Trend Micro identified the flaw as one used in a number of attacks against various government entities and activists.

They told Adobe what they had found, and Adobe, in turn, issued a security warning, confirming that “Successful exploitation [of the vulnerability] could cause a crash and potentially allow an attacker to take control of the affected system.” Adobe will release a patch during the week of October 19.

According to Adobe, affected versions include:

  • Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release version 18.0.0.252 and earlier 18.x versions
  • Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux

Translated into English, that means that any version, from the most recently updated release on back, on any desktop or laptop computer running Windows, Mac OS, or Linux, is vulnerable. And that’s basically everyone.

Tech news site BGR suggests that the only way to fully protect your computer at this time is to uninstall Flash completely, which is not necessarily a bad idea. Tech businesses have been increasingly turning against Flash and calling for its demise as flaw after flaw leaves users vulnerable to digital attacks, and Google’s Chrome browser already blocks a whole lot of the ads and videos that Flash is generally used for.

New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries [Trend Micro via BGR]