On Tuesday, Adobe released a critical update patching over 50 security holes in its Flash Player plugin.
Security blogger Brian Krebs says it better than me:
It’s bad enough that hackers are constantly finding and exploiting zero-day flaws in Flash Player before Adobe even knows about the bugs.
The bigger issue is that Flash is an extremely powerful program that runs inside the browser, which means users can compromise their computer just by browsing to a hacked or malicious site that targets unpatched Flash flaws.
The smartest option is probably to ditch this insecure program once and for all and significantly increase the security of your system in the process.
That seems pretty reasonable to me.
Here is our guide on how you can update Adobe Flash on your computer or (even better) uninstall it entirely.
If that seems too drastic a step for you to take right now, at the very least consider enabling “click to play” to reduce the chances of attackers exploiting Flash as you browse the web.
The full advisory on the Flash security vulnerabilities can be read on Adobe’s website, as can details of the security update they have released for another of their beleaguered products – Adobe Reader.
Perhaps you and Brian can get together this weekend and rewrite all of the commercial software that uses Flash in HTML5. I'm sure that the two of you will be able to do this without difficulty.
Suppose we delete Flash; then what? What do we use to view the content on most of the Web pages we visit?
iOS users seem to manage just fine.
Seriously, a half-way house is to enable Click-to-Play. I've described how to do that, and its benefits, here: https://grahamcluley.com/enable-click-play-adobe-flash/
Most websites (YouTube does this) fall back to HTML5 or some other media provision when they detect Flash is unavailable.
Or carry on using Adobe Flash at your risk. I've given some additional suggestions in another comment.
OK, I will remove, but many apps say they cannot run and need Flash. As a computer infant, how do I get around this?
Remove Adobe Flash and then install Google Chrome. That still uses Flash BUT NOT Adobe Flash. The version of Flash that Chrome uses is kept more up-to-date. And then enable click-to-play as Graham suggests for extra security.
In terms of mitigating the risk caused by such exploits consider installing something like Malwarebytes Anti-Exploit. The free version protects your browser – you probably won't need the paid version. You should use this IN ADDITION to your normal anti-virus software and firewall.
https://www.malwarebytes.com/antiexploit/
Malwarebytes Anti-Exploit is an excellent way to mitigate the risk of malware triggering on your PC, but it's not free (there is a free trial) and it's not an option for OS X.
Steve, it IS free. Take a look at their website again ;-)
They give you a 14-day free trial of the Premium Features and after the 14-days it downgrades to the Free version.
The free version only provides you with:
"Shields browsers and add-ons"
"Shields Java"
All the other premium features get deactivated after 14-days unless you pay £20 per year.
The free protection is sufficient for those not willing to fork out for it.
https://www.malwarebytes.com/antiexploit/
Trashed it several months ago. Don't miss much.
So will Adobe start shelling out money for malicious damage done to users' computers as a result of their crap? No they won't .. it's your problem.
As long as Adobe Flash exists we will never be free!
Didn't you mean "As long as applications using Flash exist" ???
I don't see why Adobe doesn't release Flash open source?
It's not like they have made money from Flash in ages if ever. The cost of paying the team responsible for writing this constant flow of patches has to be costing more than they make from selling the tools to author Flash content. That's assuming they even sell them any longer? Didn't they announce they were retiring Flash back in 2012?
Open that sucker up and let the community maintain it.
Because it's commercial software.
Remember that Open Source doesn't equal security. Look at OpenSSL (Heartbleed et al.), Bash and all of the other vulnerabilities that have lurked in open source software for YEARS simply because the programmers/people reviewing the code:
were not skilled enough
didn't have enough time on their hands
not motivated to look for vulnerabilities
overlooked something which appeared 'okay'
were too busy developing their own forks
Open Source is good but the waterfall of vulnerabilities in Open Source doesn't make it any more secure from common vulnerabilities.
Open Source IS good for allowing people to check if there are any backdoors but then again all the best backdoors are designed to look like simple programming errors and we all know that the unpaid community have left these vulnerabilities un-repaired and open to hackers for years.
Unfortunately, even though Flash is evil and has always been evil, MOST webpages and a very large number of businesses —INCLUDING __YOUR__ BANK — use Flash.
Why?
Because it is so easy to program Flash and the product is so, well, Flashy and comic-book like that it appeals to and can be programmed by children.
I have had nothing but problems with Adobe Flash on Firefox recently. It crashes and then freezes on certain sites.
I have been using the Avast SafeZone browser instead of Firefox. It will not even open some sites, but no crashes yet.
This is complete nonsense. I've been working in IT for over 20 years and I have never once encountered a situation where a computer was compromised due to Flash. This rampant Flash hysteria smacks of a concerted effort to defame Adobe. It probably started with Apple and now every Tom, Dick, and Harry is jumping on the bandwagon and parroting the incessant propaganda.