Update (2): 10/16
Adobe has released a fix for this vulnerability in Flash Player version 19.0.0.226. If you use Flash, download the latest version immediately.
Update: 10/16
The Flash zero-day was actually reported by a Google engineer two weeks prior to it being found in the wild. Natalie Silvanovich from Google Project Zero initially posted a report on Sept 29th.
A new Flash Player zero-day has been found in the wild and is being used in targeted attacks. Adobe has published a security bulletin and said it expects to release a patch during the week of October 19.
The vulnerability, which has been assigned CVE-2015-7645, is rated critical and affects Adobe Flash Player 19.0.0.207 and earlier versions.
This means that even if you are running the latest version of this program, you are still vulnerable and can get infected by simply browsing the web, even on sites that you trust.
2015 has been a very bad year for the Flash Player, and given that a patch won’t be available for several more days, it is crucial to take immediate action to protect yourself. Indeed, this window of opportunity is something that exploit kit authors have taken advantage of in the past to infect scores of end users.
Now is the time for you to seriously consider disabling or removing the Flash Player from your browser. For those that can’t do without it (many sites still require it), we strongly recommend that you use an exploit mitigation tool such as Malwarebytes Anti-Exploit.
We will keep you posted on further developments regarding this new zero-day.
People need to stop using Flash. And Adobe should discontinue it because it has too many problems. Ever heard of HTML5?
Correct, Flash is terrible.
…and contrary to HTML5 nay-sayers, my use of HTML5 shows no loss of video quality.
Yes, Flash is quite vulnerable, but it is crucial for website owners, companies/factories, schools and government buildings that use this kind of technology in their work environment. NPAPI in general is used widely and is still required for a lot of transactions to go through. For example, I can’t watch Netflix without Silverlight or upload more than one photo/video on Walmart without Flash. Not to mention, many schools require Java, Flash, VLC Media Player or QuickTime Player to display certain educational content on the web, such as videos/audio and animation for demonstration.
So no, you can’t just stop support for it totally and expect our growing web to play catch up in that instant, month, year or maybe longer. It takes time and uninterrupted time at that. Yeah, HTML5, HTML DRM, EME and whatever else is not ready to fully take over what the NPAPI technology does and will continue to do; to extend our browsing compatibilities without compromising performance and security, if support goes on. Plus, this puts more bloat in our browser and could very well make them more vulnerable if not properly implemented.