Dear Adobe Flash, you will not wear me down.
I will never, ever, ever tire of writing these words:
Remove your Flash player and, if for some reason you can’t or won’t (because… I don’t know… maybe your laptop is encased in concrete or your grip on life is maintained by an iron lung that only runs in the Flash player) then you should update your Flash player to the latest version.
I won’t tire of writing these words because, despite the grinding relentlessness with which they’re necessary, they remain important.
Critical Flash updates may be as regular as clockwork and as boring as dirt, but so long as Flash lives and criminals are exploiting it we have to stay on top of them. Even if you’ve taken the sensible step of removing it from your own machines, you may have friends and family who have not.
Taking an active interest in Flash updates doesn’t just protect you from malicious websites that exploit Flash bugs. Familiarity with the process of updating, how updates arrive and the version you’re supposed to be running also makes it easier to spot the fake Flash updates that are so popular with malware peddlers.
This month’s critical update fixes a type confusion vulnerability that can lead to arbitrary code execution, and it’s rated by Adobe as priority 2, meaning that “There are currently no known exploits”.
That’s good news – it means that, unlike February and June this year, when a vulnerability was fixed after criminals had already begun to exploit it, you get to fix the roof while the sun is still shining.
You still have to fix it though.
The bug exists in all versions of Flash up to 220.127.116.11 and you need version 18.104.22.168 for the fix.
The Flash players bundled with Google Chrome, Microsoft Edge, and Internet Explorer 11 for Windows 10 and 8.1 will get it automatically.
Adobe advises that everyone else should update “via the update mechanism within the product” or by getting a freshly minted copy of its player from the Adobe Flash Player Download Center.
I advise that if you can live without it, do.
After a quiet few months, July’s Patch Tuesday update from Adobe also saw Adobe Acrobat delivering an eye-catching “hold my beer” to its beleaguered stablemate with no fewer than 53 critical bugs fixed, and a bunch of others besides.
Adobe advises that its Acrobat and Acrobat Reader products should update themselves, but you can find out how to update them manually, or in managed environments, by following the instructions in the security bulletin.
Source: Naked Security