Skip to main content

Another month, another Flash vulnerability … Adobe issues emergency update

Less than a month after a critical Flash vulnerability allowed an attacker to take control of a Mac, Adobe has issued an emergency update for yet another critical flaw. The latest one is already being exploited by ransomware that encrypts Windows PCs, but while there’s no known exploit for OS X as yet, Adobe says that the same vulnerability exists on all platforms, and users should update immediately …

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.

Apple often blocks vulnerable versions of Flash in Safari, but as that takes time, it’s best not to rely on this. You can update your version of Flash by visiting Adobe’s update page and hitting the ‘Install now’ button. Flash updates should, of course, be refused from other sites as it’s not unusual for malware-infected fake versions to be offered.

Given the succession of vulnerabilities found in Flash, Steve Jobs’ 2010 essay seems as relevant today as it was then. With an increasing number of people opting to zap Flash from their systems altogether, I think I’m going to try the experiment myself.

Via and photo: Reuters

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. pdixon1986 - 8 years ago

    why can’t we just get rid of flash?

    • taoprophet420 - 8 years ago

      It shouldn’t be much longer since Adobe renamed Flash Professional to Animate CC and moved to html5.

    • dcj001 - 8 years ago

      You can, and you should!

      I uninstalled Flash years ago. I like not needing to update Flash every few weeks.

      • pdixon1986 - 8 years ago

        im on mac… but a few sites still insist on using it…
        i just wish all sites will move away from it.

  2. I don’t use flash.

  3. Cognomen - 8 years ago

    ……. and the BBC still insist on Adobe Flash for their news sites on OSX. Why?

    My efforts to get a response from the BBC have, so far, failed.

    As a world leader in providing news, it is about time that they realised that their are alternatives such as HTML5. They manage for iOS so why not Mac OS?

    I am being forced to change my home page to other news providers, which is something I really don’t want to do, just so that I don’t have the bother of dealing with updates to another buggy version from Adobe every week or so.

  4. 89p13 - 8 years ago

    Flash should go the way of the other dinosaurs – extinction!

    I don’t use flash or Java as I see then as very vulnerable points of entry to create havoc and destruction on my systems.

    • k0jeg - 8 years ago

      It becomes a real problem for imbedded systems. At work we have a few devices that use old Java for the GUI. They’re behind firewalls and non-public networks so there’s not much risk, but since the self-signed certs were cause for blocking we’re all stuck using Java 6.x. AFAIK the vendor hasn’t done anything to update their devices, if they even can be upgraded. For whatever reason IT has decided that everyone has to use the same locked whitelist, so whitelisting these devices is next to impossible.

      Not the first time this sort of thing happened, and I’m certain not the last.

      • shareef777 - 8 years ago

        Yep, it’s shocking how companies as large as Cisco continue to leverage flash/java for their systems. Even VMware (world’s number one virtualization platform) uses flash and has actually deprecated features from the full (albeit windows only) client.

  5. galley99 - 8 years ago

    I haven’t had Flash installed in 3 or 4 years. I’ve never installed Java on my Macs!

    • Cognomen - 8 years ago

      That may be fine for those of you who do not have a home page that uses Flash to ignore it entirely but, as I implied, I prefer BBC News as my home page because i live in the UK. I don’t want to change news providers but am being forced to so do by an organisation which ought to have had this issue sorted years ago..

  6. meckernburg - 8 years ago

    Cognomen, the work around for BBC sites is to kid them that you’re using an iPad. Enable the Safari’s Debug menu (last checkbox on the Advanced preference tab), then use it to set the User Agent to “Safari – iOS 9.4 — iPad”.

    • Cognomen - 8 years ago

      Many thanks to you and to Briar Kit Esme for the instructions on how to get a Flash free Mac – it definitely works!

      I think my question still remains as to why the BBC still refuse to do anything about it, now made worse by the ease with which you both have given me a simple work around!

      Again, your help is much appreciated.

      • Lawrence Krupp - 8 years ago

        “I think my question still remains as to why the BBC still refuse to do anything about it…”

        Because it’s easier to do nothing. It takes effort and money to do something. And besides, the unwashed masses could not care less about this.

      • Doug Aalseth - 8 years ago

        That is the big question. I hit then BBC several times per day and yes it is annoying that they have Flash. Even more annoying because the Debug Menu trick works, so they HAVE everything available in non Flash. They have converted the site already. It’s not like they have to do much if any work to complete the switch. Just push the same content they use on their mobile site to the regular one. Indeed, it would reduce their total workload because they wouldn’t have to support Flash and non Flash content. Why they don’t is really unfathomable to me.

  7. 311sie - 8 years ago

    Kill that horse already!!

  8. PhilBoogie - 8 years ago

    “With an increasing number of people opting to zap Flash from their systems altogether, I think I’m going to try the experiment myself.”

    Ben, it won’t be you conducting an experiment, ‘The Internet works just fine’ without it. Adobe is experimenting though, after they acquired FutureSplash they totally crippled it. But that’s over a decade ago, and Flash never became a proper tool. Useful, but not properly designed, hence all the security issues it has seen in its lifetime.

  9. Lawrence Krupp - 8 years ago

    Remember all the snark from the Fandroids about viewing the ‘real’ Internet? Remember their reaction to Steve Jobs’ open letter about Flash?

  10. Tom Cowen - 8 years ago

    Guys, just to let you all know if you are using Google Chrome for Windows or Mac based systems, you will need to update the program as Google Chrome uses integrated flash player, chrome should automatically update but it would be good to check this and make sure Chrome has updated.
    To do this –
    1. Launch Google Chrome
    2. Click the 3 bars in the top left and select ‘Settings’
    3. On the left navigation pane select ‘About’
    4. Google Chrome should automatically check for an update and should prompt the user to update.
    5. After the update Chrome will prompt the user to relaunch
    6. Relaunch Chrome!

  11. vkd108 - 8 years ago

    When, oh when, will we be free from this plague (Adobe Flash)?

    • xp87 - 8 years ago

      You wanna see something really funny?

      https://www.24hourfitness.com/MSO.do

      THEIR ENTIRE ACCOUNT SECTION, including even logging in, is inside a flash applet. First of all, of all things, WHY did they even build it that way 10-15 years ago? I could understand a flash game many years ago or hell, even now — but a flash…account management section? LOL.

      Let’s all shame them (and all like them) into fixing their site to use this little thing called HTML.

  12. Well you shouldn’t have bought Macromedia then, should you. Aholes.

  13. Marco Brandão - 8 years ago

    Don’t use Flash. Read the open letters Steve Jobs wrote “Thoughts on Flash”. It’s on Apple site, just google it.

  14. Howie Isaacks - 8 years ago

    When I recently erased and reinstalled my Mac mini, I did not put Flash back on it. I went a week without needing it, so I removed it from my MacBook Pro. I have not had to reinstall it. Flash is crap. I remember how Steve Jobs was criticized for his stance on Flash. He was right.

  15. I have Chrome which updates itself and Adobe Flash PPAPI listed in Uninstall Programs.
    Chrome has Version 21.0.0.216 and Uninstall lists Version 21.0.0.213.
    I cannot update the PPAPI program or uninstall it as Chrome is never closed enough!
    http://petesqbsite.com/phpBB3/viewtopic.php?f=4&t=4095&p=24050#p24050

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear