Adobe Flash Hit by Hackers Yet Again; Turn It Off Now

UPDATED noon EDT, Friday Oct. 16, with news that Adobe has patched the latest flaw.

For what feels like the umpteenth time, a zero-day exploit has been found attacking Adobe Flash Player. This time, the exploit is part of an ongoing cyberespionage campaign possibly linked to Russia, but the fact that few users are affected (so far) doesn't diminish the chronic threat posed by Adobe's repeat offender of a browser plugin.

Image: Zepedrocoelho/Shutterstock

Adobe posted an advisory warning yesterday (Oct. 14) on its website, but no patch for the vulnerability has been released, despite a host of other patches having been pushed out the previous day. The warning states that Adobe doesn't expect a patch to be ready until next week.

The new Flash exploit is part of recent attacks by the spies behind the Pawn Storm campaign, which for the past year has been targeting potential adversaries of the Russian government. Security firm Trend Micro reports that the Flash exploit has been used in highly targeted spear-phishing attacks that sent email messages containing malicious Web links to "several foreign-affairs ministries from around the globe."

The emails bear subject lines such as "Russia warns of response to reported US nuke buildup in Turkey, Europe" and "Israel launches airstrikes on targets in Gaza." The expectation is that curious diplomats will click through to the malicious websites, thus compromising their Web browsers and, depending on the accompanying malware, their Windows, Mac or Linux computers.

Adobe states that "this vulnerability is being used in limited, targeted attacks," but in fact, it's yet another reminder that only you can prevent Flash attacks.

We advise all users to simply disable Flash. We walk you through most browsers in this tutorial, and there are instructions available at Laptop Mag if you use Microsoft's new Edge browser. Still need Flash for some reason? Here's how to set Flash to click-to-run, which will at least prevent malicious Flash exploits from loading immediately.

UPDATE: Adobe posted a patch for the Pawn Storm exploit Friday. Microsoft's Edge browser and Internet Explorer 11 on Windows 10, and IE 10 or 11 on Windows 8 or 8.1, will be automatically updated, as will Google Chrome on all platforms. Otherwise, users will have to manually update Flash by visiting the official download page.

Henry T. Casey
Managing Editor (Entertainment, Streaming)

  • TechyInAZ
    It never ends. I can't wait until HTML5 video becomes the norm.
  • LePhuronn
    This, as usual, is purely sensationalist journalism joining the fight to force Adobe to kill Flash. How about, instead of panicking and turning off Flash in your browser, learn how to use your computer properly? Y'know, don't click on links in emails like a retard.
  • Paul Wagenseil
    Because, Lephuronn, most browser-exploit malware attacks without warning and without user intervention. A good browser exploit kit will never let the user know that it's successfully infected the computer. And Flash Player is one of the most common ways in.