Patch Adobe Flash now – Hacking Team zero-day exploit fix included in emergency update

FlashWhile the world freaks out about the zombie apocalypse New York Stock Exchange and United Airlines suffering computer problems, there’s some important news on the security front.

An emergency patch for Adobe Flash has been released, reportedly fixing critical zero-day vulnerabilities that have been exploited by hackers to compromised computer systems.

(And no, I have no reason to believe that the Adobe Flash vulnerability has anything to do with the hiccups that the NYSE and United Airlines are experiencing.)

Of course, what makes this patch particularly interesting is that it includes a fix for a zero-day vulnerability developed and exploited by Hacking Team, an Italian company who sells spyware to governments and law enforcement agencies and rather awkwardly suffered a massive hack earlier this week.

Sign up to our free newsletter.
Security news, advice, and tips.

The attackers responsible for the security breach at Hacking Team, released many gigabytes worth of stolen data including email archives, internal documents and source code for the company’s controversial products.

Which means, effectively, that details of the Adobe Flash zero-day tumbled into the wild for anybody to exploit.

A large number of other security holes appear to have also been addressed by this update, so I would recommend patching your systems at the earliest opportunity.

flash-wide

The patch can be found in Flash Player version 18.0.0.203 for Windows and Mac computers. For full details, and download links, check out the security advisory on Adobe’s website.

If you are not sure which version of Adobe Flash you are running on your computer, visit this Adobe webpage which will tell you.

The most recent version of Flash is always available from the Flash download page, but be sure not to be tricked into installing other third-party “optional offer” products at the same time (an irritating habit of Flash’s install program).

But I would also recommend going further than this, and enabling Click-to-Play, one of the best ways to protect yourself against criminals exploiting vulnerabilities in Adobe Flash.

Further reading:


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

2 comments on “Patch Adobe Flash now – Hacking Team zero-day exploit fix included in emergency update”

  1. Coyote

    Linux flash (now version 11.2.202.481) has also been updated, fwiw. Pulled it before starting firefox and then saw this post.

  2. Chris Thomas

    Get Malwarebytes Anti-Exploit. It's free for use with web browsers and it blocks this exploit.

    I can't understand folks ignoring it. It's from a firm with an impeccable reputation, it's free gratis and it works.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.