Emergency Adobe Flash update prepped as hackers actively exploit flaw

What’s that? You’re still using Flash?

Adobe Flash

Adobe has announced that it will be issuing an emergency security update for its widely-used Flash Player, after discovering hackers were actively exploiting a security hole to hijack control of computer systems.

“A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”

The one piece of good news is that if you have been doing a reasonably good job of keeping your systems updated then you may already be benefiting from a mitigation introduced in Flash Player 21.0.0.182 that, according to Adobe, “currently prevents exploitation of this vulnerability.”

Sign up to our free newsletter.
Security news, advice, and tips.

The vulnerability has been given a “critical” severity rating by Adobe, and users are advised to update their systems at the earliest opportunity.

So, what better time is there to check out our article explaining how to keep Adobe Flash up-to-date or ditch it entirely?

If you’re not quite ready to take the step of entirely uninstalling Flash, then you should at the very least consider enabling “Click to Play”, which stops Flash elements from being rendered in your browser unless you give specific permission.

Yeah, you guessed right. I’m not a fan of Adobe Flash.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “Emergency Adobe Flash update prepped as hackers actively exploit flaw”

  1. John V. Keogh

    If it wasn't for the BBC iPlayer site, I would ditch Flash. I have used ClickToFlash in Safari for many years which stops the fans on my quad-core iMac from spinning up. Adobe's code must be so inefficient!

  2. lanerd

    Flash is nothing but a security risk , I ditched Flash long ago , sure I can't play some videos but I'll take the security over the videos anytime ……

  3. coyote

    I really wish Adobe would die. It doesn't have to be an excruciating death but it would really do the world some good. Or so I would like to believe. It's unfortunately not that simple:

    As much as I hate Adobe (particularly because of Flash) the reality is so many websites (and I believe some software ?) use it – and refuse to replace it for whatever excuses they may give (and there is not one legitimate excuse). If Adobe were to abandon it it would be even more risky. It's unfortunate but the reality is the problem is not an entity but numerous entities.

    Edit: But don’t forget that even with updates it doesn’t mean everyone will update it. This means more computers are vulnerable which makes everything else less secure. So not only are both Adobe and many websites a problem but so are those who don’t update Flash.

  4. luke

    what i cant stand is adobe uses so much memory, then every time i update it tries top force mcaffee on me, i dont want the bundle, i just want a simple update, how hard is that?

  5. i already hacked you

    Are- are you people real? Worldwide Loyalty Team? One wonders. A few companies jumped on Adobe back in '10 when Jobs ranted incoherently about nonsensical accusations that can be leveled at any technology. Now everyone is repeating the tripe. "I hate Adobe" "Die Adobe" "Adobe is trash". I smell a rat, and it smells like rotten apples.

    One exploit? Oooo. It's Zero Day! Scary! Are you people even cognizant enough to know what that means? It means Apple has been hacking Adobe since 2012, and FINALLY found an exploit in near a release of an update. Big whoop. We've been "Zero Day"ing boxes for decades. Heck, the U.S. and Israel "Zero Day"ed Iran!

    Fear-mongering hype like this rubbish is why people will suffer in the end. Mark my words. Job's crusade is a plan of ruinous failure.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.