PC owners and admins will want to upgrade their copies of Flash to version 184.108.40.206 or later in order to get the patch or just dump the damn thing all together.
The November 20 security update addresses a single flaw, designated CVE-2018-15981. It is a type confusion bug that can be exploited to achieve remote code execution. Basically, an attacker could slip the exploit code into a Flash .swf file, put it on a web page, and covertly install malware on any vulnerable machine that visits the page.
Because Adobe does not maintain a fixed patching schedule for Flash Player, this isn't technically considered an out-of-band band-aid. However, the update does come just one week after Adobe pushed out ahandful of fixes for Patch Tuesday, including one for an information disclosure vulnerability in Flash Player.
That Adobe would post another update just one week after their last patch should underscore that CVE-2018-15981 is a serious enough vulnerability to be a priority fix for users and admins.
After installing this latest fix, those who are tired of the constant security threats might also want to consider taking the advice of multiple security expertsand developers and at least disable Flash by default if not permanently.
The notoriously vulnerable plugin has long since been surpassed by html5, and most major websites have already transitioned away from Flash, leaving it only really useful for specific sites and applications.
Even Adobe wants to kill off Flash. The Photoshop giant has said thatby 2020 it plans to formally retire the plugin once and for all.
Sponsored: Following Bottomline’s journey to the Hybrid Cloud