Adobe Flash flaw which created zero day vulnerability on Windows 10 platform was fixed in the early hours of Friday by Adobe’s latest update. Adobe has released security updates for adobe flash player for Windows, Macintosh, Linux and ChromeOS. These flaws will address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
All those who have set their Windows 10 ‘update settings’ as automatic will get the patch in an automated way, while those who aren’t have to manually install the patch.
According to some security analysts, the bug allows an attacker to send booby-trapped content to the browser’s flash plug-in in such a way that the user browser will not only crash, but also hand over its control to the attacker in the process.
Paul Ducklin, a security analyst at Sophos has revealed the technical name of this exploit as Remote Code Execution (RCE), also known as a drive-by-download or a drive-by install. Paul’s suggestion to duck this vulnerability is to dump flash forever which might be surprising.
“For those who have used flash for years will definitely feel bewildered when we ask them not to use”, said Mo. Thus, he added that the only way to stay out of this trouble is to keep Flash up to date and set the browser to “ click to play” so flash only runs when you give it permission.
The flash flaw comes as Microsoft follows the lead of rival browser makers by introducing a flash blocking feature into its Edge Web browser.
Have something to share on this topic?
Please feel free to share your views through comments section below.