Adobe has confirmed another major vulnerability in its Flash Player just one day after releasing its monthly security update. The exploit, which affects Flash users across all platforms, including Windows, Mac, and Linux, allows attackers to crash and seize complete control of the user’s system. This grants attackers full access to users’ webcams, files, browsing history, online banking information, and any other sensitive data contained on the machine, opening the door for full-scale identity theft.
Adobe Flash is a software platform commonly used for animations, browser and mobile games, applications, interactive media, online advertisements, streaming video, and more. Though its popularity has dwindled consistently in recent years (in large part due to known security issues), many websites and applications still employ Flash for a variety of uses.
As of the time this posting, Adobe has issued a security bulletin containing an update to the vulnerable version of Flash, however the safest option for all users is to uninstall Flash. Thankfully, most users should be able to get by without the software installed on their machines, as many modern platforms have been slowly moving away from Flash.
To uninstall Flash Player from your Windows machine, follow these instructions. Mac users can find instructions here. Finally, to disable Flash in your browser, see these instructions for a complete list of modern browsers.
For more technical details and deeper explanation, you may download Feynman Group’s security brief: FeynmanGroup_FlashSecurityBrief_101615