Security firm Symantec has issued a warning to PC users to update or disable Adobe Flash, following the discovery of a severe vulnerability in the popular browser plugin to which there is no fix yet. Adobe has confirmed the existence of the problem and has categorized it as “critical”. Attackers who exploit it would be able to take control of PCs and run malicious code.
Adobe has swung into action and has just released an update. The most recent affected version of Adobe Flash Player for Windows and OS X is 18.0.0.194, and for Linux is 11.2.202.468 whereas the updates are numbered 18.0.0.203 (Windows and OS X) and 11.2.202.481 (Linux). Users should verify that they update to at least these versions as soon as possible.
Nevertheless, there has been plenty of time for attackers to try and target PCs around the world. Both Adobe and Symantec have strongly recommended that users disable Flash altogether until they can download the updates.
Symantec has further provided instructions for users to disable the Flash plugin. In Google Chrome, type ‘chrome://plugins’ into the address bar and hit Enter. Find the entry for Flash and click disable. Firefox users need to click ‘Add-ons’ in the browser menu and disable Shockwave Flash on the Plugins tab. Internet Explorer users should click ‘Tools > Manage Add-ons’ and disable Shockwave Flash Object in the All Add-ons list. The steps need to be taken for each Web browser a user has installed.
The exploit was apparently originally discovered by Hacking Team, an Italian collective known for supplying electronic surveillance software to governments and other bodies around the world, but not made public. An attack on Hacking Team by an anti-surveillance activist resulted in over 400GB of proprietary software being released to the general public, including information about the Adobe Flash vulnerability. By keeping it a secret, the company had been able to exploit it for its own gain. It is not known how long ago Hacking Team discovered it and how long the firm had been using it, or for what purposes.