[Update 10/16: Somewhat sooner than expected, Adobe has released a new version of Flash available here.]
Here’s a heads-up to Mac users with Adobe Flash Player installed. Adobe has posted a security bulletin this week advising Mac, Windows, and Linux users of a known security issue with the latest version of the Flash Player plug-in, version 19.0.0.207 and earlier. In the security advisory, Adobe details that the ‘critical vulnerability’ in Flash Player could potentially cause system crashes and allow attackers “to take control of the affected system.” Also in the briefing, Adobe acknowledges a report detailing that the exploit, which Adobe labels CVE-2015-7645, is “being used in limited, targeted attacks.” As for a fix, uninstalling Adobe Flash Player is currently the only sure solution for concerned users. Adobe goes on to promise an upcoming fix through the next version of Flash Player expected to be released as soon as Monday, October 19th.
As for how serious the vulnerability seems to be, Adobe notably marks the exploit as ‘critical’ status, which ranks highest on its Severity Rating System. The label applies to: “A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”
Although the fix isn’t ready yet, Flash Player users can find the latest version of the plug-in here. Mac users wanting to uninstall Adobe Flash Player from OS X can follow these steps for removing Flash Player from the system.
By default, Apple hasn’t pre-installed the Flash Player plug-in on OS X for several OS X versions. Rather than shipping out-of-date versions of the plug-in, Apple has instead let customers decide whether or not Flash Player is needed at all. iOS, of course, doesn’t support Flash Player.
