Using Adobe Flash? You should patch it pronto

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

FlashIf you still have Adobe Flash installed on your computer, you should patch it pronto – regardless of whether you are running Windows, OS X or Linux.

Yesterday, Adobe released a Godzilla-sized patch that fixes a sea of over 30 different security vulnerabilities in Flash and Adobe AIR.

“Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.”

Security updates

Sign up to our free newsletter.
Security news, advice, and tips.

Adobe’s recommendation is that Windows and Mac users of Flash update to Adobe Flash Player 18.0.0.232, while Linux users should update to version 11.2.202.508.

(Dontcha just love Adobe’s version number system, by the way?)

If left unpatched, it’s possible that malicious hackers could exploit the vulnerabilities to infect your computer with malware. The good news is, so far at least, Adobe hasn’t seen any evidence of the vulnerabilities being exploited in the wild.

But don’t let that fool you into thinking that patching isn’t still a high priority.

The most recent version of Flash is always available from the Flash download page.

If you are not sure which version of Adobe Flash you are running on your computer, visit this Adobe webpage which will tell you.

Versions of Adobe Flash Player installed with Google Chrome, Microsoft Edge for Windows 10, and Internet Explorer 10 and 11 for Windows 8.0 and 8.1, should be automatically updated.

Click to playBut I would also recommend going further than just updating Adobe Flash.

Consider enabling Click-to-Play in your browser, one of the best ways to protect yourself against criminals exploiting vulnerabilities in Adobe’s software.

But, be warned, disabling or nobbling Flash in just your browser may not be enough to protect your computer from infection – as it’s perfectly possible for Flash vulnerabilities to be delivered to your PC by routes other than the web.

Meanwhile, Adobe recommends that users of its AIR desktop runtime, AIR SDK and AIR SDK & Compiler update to version 18.0.0.199 by visiting the AIR download center or the AIR developer center.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

7 comments on “Using Adobe Flash? You should patch it pronto”

  1. Jim Goodyear

    If one decides to follow the advice and go beyond Click-to-Play and remove Flash completely, how can one play the video content etc that was previously played through Flash ?
    Is there another player that can take its place ?
    HTML 5 or Quicktime perhaps ?

    1. Graham CluleyGraham Cluley · in reply to Jim Goodyear

      That rather depends on where the videos you are interested in watching are hosted, and if they offer you the ability to view without needing Flash.

      The top video site is YouTube, of course, and that offers HTML5 playback: https://www.youtube.com/html5

  2. Simon

    The world would be such a better place when Flash is no longer used. One less thing to patch…

  3. Greg

    If you are using Flash, you should uninstall it pronto. Yes, there are a few sites that still require Flash, but more these days are using HTML5. I've not missed Flash at all. Youtube works great without it.

  4. Spryte

    I removed Adobe Flash from my Windows boxes about two years ago and haven't missed it.
    Most video sites support HTML 5 now and some that don't allow downloading of the file so there is no big issue except for Facebook and most of those are on YouTube anyway.
    I do have Flash on my PCLinuxOS box and am on my way to update.

  5. Tom

    Having Chrome means I don't have to worry as much about Flash being updated, however, I still have Click-to-Play enabled. I would disable Flash completely, but some of the sites I visit still use it.

  6. Anonymous

    The sooner Flash fades out the better.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.