Dump Flash Player now or spend the rest of your life patching it

By

Might be time to get rid of this vector for security exploits, yeah?
Might be time to get rid of this vector for security exploits, yeah?
Photo: Adobe

Adobe Systems Inc. has yet another patch for you to download and install to fix yet another critical security hole in its ubiquitous Flash Player browser plugin.

Hackers are already onto the exploit, so if you use Adobe Flash Player, you really need to download and apply the patch.

Better yet, though: just stop using Flash Player.

Adobe posted an advisory on Tuesday morning saying that the latest version of Flash (18.0.0.194 on Mac OS X and Windows) fixes the cleverly-named CVE-2015-3113 flaw that is being targeted by hackers in “limited, targeted attacks.”

While Adobe only points to Internet Explorer on Windows 7 and below as well as Firefox on Windows XP as known targets, it urges all users of the Flash Player plugin to update to the latest version.

If you use Chrome on your Mac, Flash Player should automatically update. If it doesn’t, click on the triple bar icon to the upper right of the Chrome window (next to the address bar), choose About Google Chrome and click on the Apply Update button you see there. If you don’t see it, you’re updated already.

For Safari users, you can grab the latest version of Flash Player from this Adobe web page.

Really, though, you might be fine without Flash at all, says security journalist Brian Krebs.

“In lieu of patching Flash Player yet again, it might be worth considering whether you really need to keep Flash Player installed at all,” he writes. “In a happy coincidence, earlier today I published a piece about my experience going a month without having Flash Player installed. The result? I hardly missed it at all.”

Source: Adobe
Via: The Register