Adobe has warned that online criminals are exploiting an as-yet-unpatched flaw to infect Windows users of its Flash Player software.
According to a security bulletin issued by Adobe, the attackers have been embedding malicious Flash content within boobytrapped Microsoft Word documents sent to intended targets via email.
If an attack is successful, the result would be that a remote attacker can take control of a PC.
Adobe Flash Player 220.127.116.11 and earlier versions are said to be vulnerable to the attack. You can check which version of Flash you have installed on your computer here.
The good news is that Adobe has said it will release a patch for this latest vulnerability sometime this week.
But this is surely yet another reason for Adobe Flash’s still large number of users to consider whether it’s time to call an end to what can charitably be called a rocky relationship.
Adobe Flash has let you down time and time again, forcing you to pick up the pieces and try to mend what’s broken.
It’s not as if Adobe Flash has a future.
Adobe has announced that it will be no longer updating or distributing Flash after 2020, and Android and iOS users seem to be managing just fine surfing the internet without Adobe Flash right now.
It doesn’t take Nostradamus to predict that this isn’t going to be the last discovery of a remotely exploitable vulnerability in Flash. Chances are that there is another zero-day vulnerability in Adobe Flash just around the corner.
Protect yourself now by either removing Flash from your computers or, if you decide that’s not a viable option for you just yet, enable “Click to Play” to give your computers an additional layer of protection against Flash attacks.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.