Adobe has been under a firestorm of criticism thanks to multiple security flaws in Adobe Flash. Within the past week, 3 zero-day vulnerabilities (meaning having no patch or fix) were discovered in Flash’s code. The reason for this is that on July 5, a hacker got a hold of 400 GB of data from the Italian information technology company known as Hacking Team (ironic, we know). Within the compromised data was information about an exploit in Flash. After Adobe released a patch for that on July 8, two more vulnerabilities were discovered in the data that was leaked from the Hacking Group.
Computer users around the world have grown irritated by Adobe Flash. The plugin not only uses a lot of system resources to run in the background of web browsers, but often freezes and crashes systems. Industry leaders are moving away from Adobe Flash. YouTube, for example, announced back in January that it would stream all videos via HTML5 by default. Even the late (and great) Steve Jobs even posted on the Apple Blog all the way back in 2010 about his issues with Adobe Flash on both desktops and mobile devices.
A few of our clients called us earlier in the week, both frustrated and confused about what was happening with Flash. These clients work primarily in Mozilla Firefox, who over the weekend began to block all versions of Flash from automatically running. As a result, every time our clients opened a web page that had Flash embedded, a warning would pop up asking for permission to run the program. While most of our clients were agitated by the constant pop-ups, a few of them called with questions regarding the safety of running Flash on their browsers.
What You Need To Know
All 3 zero-day vulnerabilities have been patched by Adobe, with the release of Adobe Flash, Version 18.104.22.168 on Tuesday, July 14. For the most part, users running an older version of Flash on their browsers have experienced minor browser hiccups (including the annoying pop-ups within Firefox). We do recommend upgrading to the most recent version of Flash which does have patches for the 3 vulnerabilities.
What You Need To Do
Internet Explorer and Firefox users should head to the Adobe website to download the most recent version – https://get.adobe.com/flashplayer/. Google Chrome should update automatically. If you don’t have administrative access to do the update on your own, make sure you contact your IT department or system administrator to make sure the patches are installed. As a precaution you can also ask for a system-wide antivirus and anti-malware scan just to be on the extra safe side.
With all of the turmoil surrounding Adobe Flash, it looks like we’ll be seeing less of it in the future as more developers opt for newer image and video technologies such as HTML 5. However, right now many sites continue to use Flash for content delivery, so it is important that you have the most updated (and patched) version of Flash installed!