It’s time to say ‘Welcome to dumpsville Adobe Flash’, as new unpatched flaw exploited by criminals

Adobe promises a patch sometime this week, but it’s living on borrowed time.

Graham Cluley

Criminals are exploiting unpatched Adobe Flash flaw

Adobe has warned that online criminals are exploiting an as-yet-unpatched flaw to infect Windows users of its Flash Player software.

According to a security bulletin issued by Adobe, the attackers have been embedding malicious Flash content within boobytrapped Microsoft Word documents sent to intended targets via email.

If an attack succeeds, a remote attacker can take control of the PC.

Adobe Flash Player 28.0.0.137 and earlier versions are said to be vulnerable to the attack. You can check which version of Flash you have installed on your computer here.

The good news is that Adobe has said it will release a patch for this latest vulnerability sometime this week.

But this is surely yet another reason for Adobe Flash’s still large number of users to consider whether it’s time to call an end to what can charitably be called a rocky relationship.

Adobe Flash has let you down time and time again, forcing you to pick up the pieces and try to mend what’s broken.

It’s not as if Adobe Flash has a future.

Adobe has announced that it will no longer be updating or distributing Flash after 2020, and Android and iOS users seem to be managing just fine surfing the internet without Adobe Flash right now.

It doesn’t take Nostradamus to predict that this isn’t going to be the last discovery of a remotely exploitable vulnerability in Flash. Chances are that there is another zero-day vulnerability in Adobe Flash just around the corner.

Protect yourself now by either removing Flash from your computers or, if you decide that’s not a viable option for you just yet, enable “Click to Play” to give your computers an additional layer of protection against Flash attacks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
