Adobe patches Flash against zero-day vulnerabilities

No sooner do I write that Firefox is blocking Adobe Flash because of the critical vulnerabilities that are being publicly exploited, than Adobe releases a security update to Flash addressing the zero-day flaws.

Well done Adobe!

[vine url=https://vine.co/v/OFIhWeOY6LL width=600 height=600]

(Whatever you think of Adobe Flash, you have to admire the company’s speedy response to the vulnerabilities. Perhaps describing them as “saviour of the universe” is going a bit too far though…)

Unfortunately, at the time of writing, Adobe’s security advisory about the vulnerabilities has not been updated to explain that Flash version 18.0.0.209 resolves the issues – but security journalist Mathew Schwartz told me on Twitter he had received direct confirmation from Adobe.

Sign up to our free newsletter.
Security news, advice, and tips.

Of course, all that we need now is for people to update to the latest version of Flash or remove the software from their computer completely.

If you are one of those who will opt for updating Flash rather than kicking it out, then you may be reliant on Flash’s built-in auto updater.

You would normally hope that auto-updating software would be a reasonable route, but unfortunately – in my experience – I have found Adobe’s updater often takes days to notice that a patch is available. So I would suggest more direct action.

The most recent version of Flash is always available from the Flash download page.

Flash update

If you are not sure which version of Adobe Flash you are running on your computer, visit this Adobe webpage which will tell you. Remember, it’s version 18.0.0.209 or later that you are after.

But I would also recommend going further than just updating Adobe Flash.

Consider enabling Click-to-Play, one of the best ways to protect yourself against criminals exploiting vulnerabilities in Adobe’s software.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.


Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.

3 comments on “Adobe patches Flash against zero-day vulnerabilities”

  1. drsolly
  2. jmk3911

    What a run-around. I got rid of it altogether and am not going to re-install it only to have some talking head tell me tomorrow to get rid of it. Bunch of jokers.

  3. Anonymous

    It's amazing how one piece of software can be so badly written.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.