You really should disable or uninstall Adobe Flash at this point. If you haven’t yet done so, here is another reason: following on from last week’s 0-day exploit, there is another critical vulnerability that is being actively exploited in the wild. The only difference this time is that there is no security update yet. Even better, we don’t actually know when it will be patched other than “during the week of February 2”, and pretty much everyone is affected.
So now that YouTube has finally moved on to HTML5 as the default video player and ditched Flash, there are probably not that many websites where you really need it. If you really do want to keep it installed for now, you can at least disable it unless it’s needed. There are some pretty good step-by-step instructions for disabling Flash here in case you need to send them to friends and relatives.
Adobe released a security bulletin earlier today with the following information: “A Security Advisory (APSA15-02) has been published regarding a critical vulnerability (CVE-2015-0313) in Adobe Flash Player 220.127.116.116 and earlier versions for Windows, Macintosh and Linux. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.”
The vulnerability was found by researchers at Microsoft and Trend Micro. In this case, merely visiting a website with a malicious bit of Flash code can infect your machine, hence the name “drive-by-download attack”. If you really need Flash for a critical application or web service, then be sure to only click on links that you trust and do not visit any unknown websites until an update is released.
Hopefully we will get an update from Adobe to resolve this within the week, but in the meantime, and even in the long run, either disable or uninstall Flash unless you really need it. When fewer people have it installed, web developers will hopefully stop relying on it for vital parts of the services they bring us, which should make the internet a far more secure place.
KitGuru Says: Disabling Flash can be a pain, but it’s well worth doing to protect against this and future undiscovered security issues. Are you using any sites that still require Flash, or do you know anyone who has it installed?
Source: Adobe blog