Happy Friday the 13th! It's time to update your Adobe Flash Player browser plugins once again, as the multimedia software has received yet another emergency patch to foil attacks that may already be happening.
Users of Google Chrome, Microsoft Edge and Microsoft Internet Explorer 11 need not worry, as the makers of those Web browsers are pushing out patches automatically. But if you use other browsers, we've got update instructions below.
Alternately, you could just disable Flash Player, use an ad blocker or set Flash to "click-to-run." We'll show you how to do those too.
The patch, which came two days after Adobe's normal monthly "Patch Tuesday" round of updates, fixes a total of 25 vulnerabilities in the aging multimedia software. But the worst is designated CVE-2016-4117, about which Adobe's latest security bulletin says the company is "aware of a report that an exploit ... exists in the wild."
It's not clear whether attacks have begun, but rumors suggest that exploit has been added to the arsenals of browser exploit kits, prepackaged repositories of malware that lurk in infected web pages and online adds to bombard visiting web browsers with multiple attacks.
If you're running browsers other than Google Chrome, Microsoft Edge or Internet Explorer 11, you'll need to point that browser to the Adobe Flash Player download page at get.adobe.com/flashplayer and manually install the update.
Browsers needing manual updates include Mozilla's Firefox and Opera on all platforms, Internet Explorer 9 on Windows Vista and, if Flash is installed, Apple Safari on OS X. (If you're running IE 6, 7, 8, 9 or 10 on any Windows version other than Vista, it's time to upgrade to IE 11. If you're running Windows XP, it's time for a new operating system.)
If you're a software developer using the Adobe AIR development platform on any operating system, you'll need to manually update AIR at get.adobe.com/air.
Users of iOS needn't worry, as Steve Jobs famously hated Flash and didn't allow it on Apple's mobile platform. Flash Player for Android was long ago discontinued.
Security experts have grown exasperated with Flash Player, which seems to have an endless supply of software flaws that hackers can exploit. By itself, Flash Player accounts for a very large percentage of successful web-based attacks upon Windows PCs, and upon Macs as well.
So there's a very good argument for crippling Flash on your computer, or simply disabling it. If you're a Mozilla Firefox user, you can install the NoScript extension, which will make websites look funny but give you a great deal of control over what runs in your browser.
You could also run an ad blocker, but it won't be entirely effective against stopping Flash-based attacks. Not all Flash attacks will come through ads, and many ad-blocker makers cut deals with ad networks in which the blocker allows ads to display in exchange for, um, "donations."
Alternately, you can set your browser to "click-to-run" Flash, whereby you'll be prompted to manually allow each instance of Flash to run. You'll see what you want to see, and won't see any annoying, noisy Flash-based ads.
Then there's the nuclear option: Disabling Flash permanently. You don't really need it any more, as YouTube has switched over to the native HTML5 multimedia format, and millions of Macs have never had Flash installed. Here's how to disable Adobe Flash Player.