Adobe has issued a critical security bulletin for its Flash Player software, just for a change, warning that vulnerabilities in the software could allow attackers to take full control of a target system regardless of host operating system.
Although Adobe recently rebranded its content creation software to distance itself from the tainted Flash name, its playback software is still known as Flash Player - and, it would appear, has not improved on the security front in recent years. The flexibility of an in-browser multimedia scripting system may have made Macromedia a rich company, but since Adobe acquired the software it has turned into something more of a millstone around the company's neck.
In the latest of a long and storied history of serious security issues, Flash Player has been found to have a vulnerability capable of allowing a remote attacker to take full control of a system by nothing more than sticking a malicious Flash file in a web page. While all platforms are affected, not all are equal: Adobe's bulletin assigns the highest risk to the Flash Player Desktop Runtime on Windows and OS X, Flash Player Extended Support Release on Windows and OS X, Flash Player for Edge and Internet Explorer 11 on Windows 8.1 and Windows 10, and the built-in Flash Player for Google Chrome on Windows, OS X, Linux, and Google's own Chrome OS. Those running Adobe Flash Player for Linux or the AIR package on any platform are less critically affected, but should still update as soon as possible.
In total, the available updates close a whopping 23 individual vulnerabilities, any one of which can be used for remote code execution on the most critically-affected builds of the software. In short, either update Flash now - or consider uninstalling it altogether.