It wasn’t too long ago that Adobe released a zero-day vulnerability emergency patch, which dealt with nine vulnerabilities that could let hackers remotely control your computer.
According to Adobe, they don’t know of any public exploits that were used against the latest vulnerabilities. It said the desktop version 18.104.22.168 and previous versions were affected, both on the Mac OS and Windows OS firmware.
Adobe Flash Players users are being urged to visit the company’s website to attain the latest version – 22.214.171.124. The company said this was a scheduled update; the other was an emergency update that deals with the exploit CVE-2016-7855, which was used in limited target attacks.
It’s a bit reassuring to know Adobe deal with the zero-day exploit rather quickly after the company was made aware of it. Still, Google rubbed Adobe the wrong way by released intimate details about the vulnerability. Google has a disclosure policy for vendors – 60 days to fix the critical vulnerability before it makes users aware of the risk and how to fix it temporarily. The policy was stated in 2013, which also said critical vulnerabilities with an active exploitation would get a seven-day deadline.
Adobe is trying to find and fix all problems with the Flash Player. The reality though is that Flash Player has always had problems – large and small – and it may or may not be around much longer. Why? It’s because HTML5 is regarded as much more secure and more popular.