[Update 10/16: Somewhat sooner than expected, Adobe has released a new version of Flash available here.]
Here’s a heads-up to Mac users with Adobe Flash Player installed. Adobe has posted a security bulletin this week advising Mac, Windows, and Linux users of a known security issue affecting Flash Player plug-in version 19.0.0.207 (the latest) and earlier. In the security advisory, Adobe details that the ‘critical vulnerability’ in Flash Player could potentially cause system crashes and allow attackers “to take control of the affected system.” Also in the briefing, Adobe acknowledges a report that an exploit for the vulnerability, which Adobe labels CVE-2015-7645, is “being used in limited, targeted attacks.” As for a fix, uninstalling Adobe Flash Player is currently the only sure solution for concerned users. Adobe goes on to promise a fix in the next version of Flash Player, expected to be released as soon as Monday, October 19th.
As for how serious the vulnerability is, Adobe rates it ‘critical’, the highest level of its Severity Rating System. The label applies to: “A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”
Although the fix isn’t ready yet, Flash Player users can find the latest version of the plug-in here. Mac users wanting to uninstall Adobe Flash Player from OS X can follow these steps for removing Flash Player from the system.
By default, Apple hasn’t pre-installed the Flash Player plug-in on OS X for several OS X versions. Rather than shipping out-of-date versions of the plug-in, Apple has instead let customers decide whether or not Flash Player is needed at all. iOS, of course, doesn’t support Flash Player.
A growing number of voices in the tech community, including Facebook’s chief security officer, have called for Adobe to stop developing Flash Player. Because fewer people are installing Flash Player and browsers are starting to block or pause the plug-in, Amazon recently announced it would stop accepting Flash-based ads. Earlier this year, Mozilla temporarily turned off Flash Player in its Firefox browser after another security concern.
When I upgraded to El Capitan (wiped and started fresh) I decided against installing Flash. To this day, I have yet to find a place where I can’t work/play without the plugin…. Obsolescence obviousness comes in strange ways, doesn’t it?
Many tech sites still require it to watch their video content. The Verge, TechCrunch, etc…
Yup, they’re all over the place.
Generally, you can set your browser’s “User Agent” string to claim your Mac is an iPad, and the site will cough up a perfectly-useable HTML video. The User Agent menu item is under the Develop menu, which you can turn on in Safari preferences.
@WaltFrench
Thanks man.
I always have the plugin blocked. It is allowed only on a few trusted websites that need it.
I love how I just received the notification to upgrade to 19.0.0.207 yesterday. If I didn’t run into places where I still needed this I’d be happy to ditch it as well.
I’m not going to patch my Flash installation. Instead, I have removed it.
I use my computer for serious business. I simply cannot take the risk of attackers taking control of my affected system. Anyone who has Flash on their Internet-connected computer used for personal or business matters is simply negligent.
Sure, there are other vulnerabilities out there. But Flash is both a huge target and a common culprit.
Further, any website that requires, encourages, or uses Flash is negligent. No excuses.
Flash, you served your purpose in 2005. But it’s 2015 now. Goodbye.
Surprise surprise
I removed Flash from my iMac and MacBook Air a long time ago and I have never missed it since.
Well… until next week!
Hope you don’t fall victim to the vulnerability between now and then! haha!
Thanks for the heads up, I have just disabled Flash. I wonder if this had anything to do with my entire system freezing earlier… Hadn’t happened to me on my new Mac yet: I had to hold down the power button and force a reboot.
Man, I wish I could disable Flash, but I still hit a lot of sites that use it. I don’t know what corners of the internet some of you visit that don’t need Flash, but even YouTube would have certain videos that only load with Flash.
Can’t wait till the day when I’m old and I can complain to my grandchildren about how bad we had it today with Flash lol.
YouTube? I simply grab an iPad and the videos load just fine. In fact, whenever I hit a shyte site that has a video in Flash, I grab an iPad. The iPad, the best Flash player around. Since 2010. Oh, the irony.
That’s good news from FB, Amazon et cetera, but I can’t believe how slow the world reacts to the forward thinking of Steve.
Steve saw it for what it is and was one of the few tech leaders to speak out and do something about it.
I kept Flash on my computer in the past because Hulu requires it. I have now removed Flash from all of my computers and will never install it again. It’s time for this thing to die. I’ll watch Hulu on my Apple TV instead.
Hulu requires Flash? If so, then
Hulu users on Windows or Mac – your machines are vulnerable to attack.
I wonder if Hulu warned its users. If they didn’t, that seems negligent and unprofessional.
After the last attack, I wrote Hulu’s customer service and they sent me back a canned message saying they are aware of the vulnerabilities but are not going to replace Flash in the foreseeable future.
I just got rid of the Flash player a couple of days ago. I’m glad that these safety warnings won’t bother me at all anymore! :D
I hope Adobe will soon announce that it will discontinue this outdated mess of a software… let it die already, please!!
http://occupyflash.org
What’s the news?
Man, Adobe’s really been on top of their game with these updates lately /s. First the ongoing Lightroom debacle, now this.
Many gaming sites still use Flash Player. Are they working on an alternative? I declined the latest update so am I still vulnerable?
Those game sites are doing their customers a great disservice by implicitly encouraging an unsafe technology. They chose the wrong technology for their games and now they’re paying the price.
Jesus Adobe, end of life Flash already. It has ruined your reputation enough.
With Safari sandboxing Flash and El Capitan’s updated security, isn’t this just fear mongering? And if the exploit can bypass the sandbox, isn’t it really Apple’s problem, not Adobe’s? And what about Chrome’s sandboxed PPAPI built-in version?
Jobs said it 5 years ago…. the #1 reason Macs crash is Flash…. Nope, for me, I will simply stop using sites that require Flash. That’s the only way I have to push sites into this millennium.
Update has been released, 19.0.0.226 is the latest version.
Adobe Flash Player could disappear easily, if web developers stopped using it!
Comparing Flash Player to a Swiss cheese is a disservice to the great cheese and to the Swiss people. I prefer to compare it to a donut, with a big hole in the middle and a sugary top to attract users like flies.