Adobe warns users to patch a critical Flash vulnerability
An exploit used in "targeted attacks" is already in the wild.
Stop me if you've heard this one. Adobe has released a new patch for Flash that fixes "critical vulnerabilities that could potentially allow an attacker to take control of the affected system," according to the security bulletin. It says the update (version 21.0.0.182) is a top priority for users of Windows, Mac, Android, iOS and ChromeOS, so you should install it tout de suite. The upgrade patches 23 holes in the software, but Adobe said one of them, CVE-2016-1010 "is [already] being used in limited, targeted attacks."
While that's the only known exploit in the wild, some of the other vulnerabilities could also lead to code execution and allow a hacker to take over your machine. This has become such a broken record that major web players hope that Flash will die soon -- Facebook has demanded an end-of-life date from Adobe, while Google says that it will discontinue Flash-based ads. Many experts recommend you uninstall it completely, or if not, you can at least stop the plugin from running automatically in your browser. Another option is to use Firefox, which blocks it by default. The update should be pushed out soon, but if you can't wait, download it here.
