Adobe acknowledges ‘critical vulnerability’ with latest Flash Player version, promises fix next week [U: Fix available]

[Update 10/16: Somewhat sooner than expected, Adobe has released a new version of Flash available here.]

Here’s a heads-up to Mac users with Adobe Flash Player installed. Adobe has posted a security bulletin this week advising Mac, Windows, and Linux users of a known security issue with the latest version of the Flash Player plug-in, version 19.0.0.207 and earlier. In the security advisory, Adobe details that the ‘critical vulnerability’ in Flash Player could potentially cause system crashes and allow attackers “to take control of the affected system.”

Also in the bulletin, Adobe acknowledges a report that an exploit for the vulnerability, which Adobe labels CVE-2015-7645, is “being used in limited, targeted attacks.” As for a fix, uninstalling Adobe Flash Player is currently the only sure solution for concerned users. Adobe goes on to promise an upcoming fix through the next version of Flash Player expected to be released as soon as Monday, October 19th.

As for how serious the vulnerability is, Adobe rates it ‘critical’, the highest level on its Severity Rating System. The label applies to: “A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”

Although the fix isn’t ready yet, Flash Player users can find the latest version of the plug-in here. Mac users wanting to uninstall Adobe Flash Player from OS X can follow these steps for removing Flash Player from the system.

By default, Apple hasn’t pre-installed the Flash Player plug-in on OS X for several OS X versions. Rather than shipping out-of-date versions of the plug-in, Apple has instead let customers decide whether or not Flash Player is needed at all. iOS, of course, doesn’t support Flash Player.

A growing number of voices in the tech community, including Facebook’s chief security officer, have called for Adobe to stop developing Flash Player. Because fewer people are installing Flash Player and browsers are starting to block or pause the plug-in, Amazon recently announced it would stop accepting Flash-based ads. Earlier this year, Mozilla temporarily turned off Flash Player in its Firefox browser after another security concern.

Comments

  1. When I upgraded to El Capitan (wiped and started fresh) I decided against installing Flash. To this day, I have yet to find a place where I can’t work/play without the plugin…. Obsolescence obviousness comes in strange ways, doesn’t it?

    • iali87 - 9 years ago

      Many tech sites still require it to watch their video content. The Verge, TechCrunch, etc…

      • WaltFrench - 9 years ago

        Yup, they’re all over the place.

        Generally, you can set your browser’s “User Agent” string to claim your Mac is an iPad, and the site will cough up a perfectly-useable HTML video. The User Agent menu item is under the Develop menu, which you can turn on in Safari preferences.

      • iali87 - 9 years ago

        @WaltFrench
        Thanks man.

  2. supercii - 9 years ago

    I always have the plugin blocked. It is allowed only on a few trusted websites that need it.

  3. crichton007 - 9 years ago

    I love how I just received the notification to upgrade to 19.0.0.207 yesterday. If I didn’t run into places where I still needed this I’d be happy to ditch it as well.

  4. standardpull - 9 years ago

    I’m not going to patch my Flash installation. Instead, I have removed it.

    I use my computer for serious business. I simply cannot take the risk of attackers taking control of my affected system. Anyone who has Flash on their Internet-connected computer used for personal or business matters is simply negligent.

    Sure, there are other vulnerabilities out there. But Flash is both a huge target and a common culprit.

    Further, any website that requires, encourages, or uses Flash is negligent. No excuses.

    Flash, you served your purpose in 2005. But it’s 2015 now. Goodbye.

  5. xprmntr - 9 years ago

    Surprise surprise

  6. Paul Van Obberghen - 9 years ago

    I removed Flash from my iMac and MacBook Air a long time ago and I have never missed it since.

  7. bpmajesty - 9 years ago

    Well… until next week!
    Hope you don’t fall victim to the vulnerability between now and then! haha!

  8. Thanks for the heads up, I have just disabled flash. I wonder if this had anything to do with my entire system freezing earlier… Hadn’t happened to me on my new Mac yet: I had to hold down the power button and force a reboot.

  9. shareef777 - 9 years ago

    Man, I wish I could disable Flash, but I still hit a lot of sites that use it. I don’t know what corners of the internet some of you visit that don’t need Flash, but even YouTube would have certain videos that only load with Flash.

    Can’t wait till the day when I’m old and I can complain to my grandchildren about how bad we had it today with flash lol.

    • PhilBoogie - 9 years ago

      You Tube? I simply grab an iPad and the videos load just fine. In fact, whenever I hit a shyte site that has a video in Flash, I grab an iPad. The iPad, the best Flash player around. Since 2010. Oh, the irony.

  10. PhilBoogie - 9 years ago

    That’s good news from FB, Amazon et cetera, but I can’t believe how slow the world reacts to the forward thinking of Steve.

  11. BDKennedy (@BDKennedy) - 9 years ago

    I kept Flash on my computer in the past because Hulu requires it. I have now removed Flash from all of my computers and will never install it again. It’s time for this thing to die. I’ll watch Hulu on my Apple TV instead.

    • standardpull - 9 years ago

      Hulu requires Flash? If so, then

      Hulu users on Windows or Mac – your machines are vulnerable to attack.

      I wonder if Hulu warned its users. If they didn’t, that seems negligent and unprofessional.

      • BDKennedy (@BDKennedy) - 9 years ago

        After the last attack, I wrote Hulu’s customer service and they sent me back a canned message saying they are aware of the vulnerabilities but are not going to replace Flash in the foreseeable future.

  12. I just got rid of the Flash player a couple of days ago. I’m glad that these safety warnings won’t bother me at all anymore! :D
    I hope Adobe will soon announce that it is discontinuing this outdated mess of software… let it die already, please!!
    http://occupyflash.org

  13. kjl3000 - 9 years ago

    What’s the news?

  14. Mark Blumer - 9 years ago

    Man, Adobe’s really been on top of their game with these updates lately /s. First the ongoing Lightroom debacle, now this.

  15. Many gaming sites still use flash player. Are they working on an alternative? I declined the latest update so am I still vulnerable?

    • standardpull - 9 years ago

      Those game sites are doing their customers a great disservice by implicitly encouraging an unsafe technology. They chose the wrong technology for their games and now they’re paying the price.

  16. srgmac - 9 years ago

    Jesus Adobe, end of life Flash already. It has ruined your reputation enough.

  17. Michael Linneer - 9 years ago

    With Safari sandboxing Flash and El Capitan’s updated security, isn’t this just fear mongering? And if the exploit can bypass the sandbox, isn’t it really Apple’s problem, not Adobe’s? And what about Chrome’s sandboxed PPAPI built-in version?

  18. Jobs said it 5 years ago…. the #1 reason Macs crash is Flash…. Nope, for me, I will simply stop using sites that require Flash. That’s the only way I have to push sites into this millennium.

  19. Kawaii Gardiner - 9 years ago

    Update has been released, 19.0.0.226 is the latest version.

  20. Adobe Flash Player could disappear easily, if web developers stopped using it!

  21. Marco Brandão - 9 years ago

    Comparing Flash Player to a Swiss cheese is a disservice to the great cheese and to the people of Switzerland. I prefer to compare it to a donut, with a big hole in the middle and a sugary top to attract users like flies.
