Adobe rushed out an emergency patch yesterday (Oct. 26) for yet another Adobe Flash Player flaw. The flaw, assigned the code name CVE-2016-7855, can hijack almost any kind of computer remotely, and was discovered by malicious hackers, not security researchers. It's imperative that you patch your Flash browser plugins immediately, or consider limiting Flash's abilities or disabling it altogether.
"Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," the Adobe security bulletin reads.
Even by Flash's rather low standards, this vulnerability could be pretty disastrous. While the company (understandably) won't explain exactly how the bug works just yet, Adobe said that the vulnerability could allow an unauthorized hacker to "take control of an affected system."
Worse still, the flaw has the potential to affect not only Windows, but OS X/macOS, Linux and Chrome OS as well. Adobe rates the bug "critical," meaning that it can affect users' systems without their knowledge or (even unwitting) consent.
At the risk of repeating ourselves, uninstall Adobe Flash. Most respectable sites have moved onto HMTL 5, and Flash tends to be on the receiving end of unsavory malware more often than the average video protocol.
The average user is probably not at risk just yet because the attacks so far have been targeted to specific types of individuals, but that's no excuse to hold off on patching the software.
If you use Google Chrome or Microsoft Edge or Internet Explorer 11, the update will come automatically. Otherwise, on Firefox, Safari or Opera, or older versions of Internet Explorer, you'll want to visit Flash Player's "About" web page to see whether you have the latest software installed. (On Linux, you ought to have version 184.108.40.2063; on every other platform, you ought to have version 220.127.116.11.) If you do, you're safe; if not, it will direct you to install the latest version.
While patching Flash player is simple enough, given the protocol's preponderance of bugs and glitches — some of which show up in the wild before a patch is developed, like this one — it's high time that users kicked Flash to the curb unless they absolutely need it. Read our guides on how to make Flash "click-to-run" (which will prevent it from running automatically) and how to disable Flash altogether.