[Update 10/16: Somewhat sooner than expected, Adobe has released a new version of Flash available here.]
Here’s a heads-up to Mac users with Adobe Flash Player installed. Adobe has posted a security bulletin this week advising Mac, Windows, and Linux users of a known security issue with the latest version of the Flash Player plug-in, version 22.214.171.124 and earlier. In the security advisory, Adobe details that the ‘critical vulnerability’ in Flash Player could potentially cause system crashes and allow attackers “to take control of the affected system.” Also in the briefing, Adobe acknowledges a report that an exploit for the vulnerability, which Adobe labels CVE-2015-7645, is “being used in limited, targeted attacks.” As for a fix, uninstalling Adobe Flash Player is currently the only sure solution for concerned users. Adobe goes on to promise a fix in the next version of Flash Player, expected to be released as soon as Monday, October 19th.
As for how serious the vulnerability seems to be, Adobe notably rates it ‘critical’, the highest rank on its Severity Rating System. The label applies to: “A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”
Although the fix isn’t ready yet, Flash Player users can find the latest version of the plug-in here. Mac users wanting to uninstall Adobe Flash Player from OS X can follow these steps for removing Flash Player from the system.
By default, Apple hasn’t pre-installed the Flash Player plug-in on OS X for several OS X versions. Rather than shipping out-of-date versions of the plug-in, Apple has instead let customers decide whether or not Flash Player is needed at all. iOS, of course, doesn’t support Flash Player.
A growing number of voices in the tech community, including Facebook’s chief security officer, have called for Adobe to stop developing Flash Player. Because fewer people are installing Flash Player and browsers are starting to block or pause the plug-in, Amazon recently announced it would stop accepting Flash-based ads. Earlier this year, Mozilla temporarily turned off Flash Player in its Firefox browser after another security concern.