Click to Skip Ad
Closing in...

Hackers found a brand new Flash zero-day vulnerability – here’s what you need to know

Adobe Flash 0-Day Vulnerability

Stop me if you’ve heard this before, but hackers found a way to attack you via Adobe’s Flash Player, a content platform that just refuses to die.

The new vulnerability is of the zero-day variety, which means all Flash versions are affected, including the latest releases for Linux, Mac, and Windows. The best way to protect yourself against it would be to uninstall it from your machine for the time being. Also, you might want to consider keeping it uninstalled even after Adobe releases a patch for it.

Adobe already released a security advisory (APSA18-01) that describes the CVE-2018-4878 flaw and confirms that all Flash Players up to v28.0.0.137 are affected. Adobe plans to patch the issue in an update expected to be released during the week of February 5th.

The issue affects Adobe Flash Player Desktop Runtime on Linux, Mac, and Windows, as well as Flash Player for Google Chrome and Microsoft Edge.

But there’s even worse news: Adobe confirmed that hackers are already exploiting the vulnerability. “Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users,” Adobe’s note says. “These attacks leverage Office documents with embedded malicious Flash content distributed via email.”

Adobe advises users to enable Protected View so they open documents in read-only mode, and a post on GHacks explains how to do it.

Again, the best way to stay protected right now is to uninstall Flash until a fix becomes available next week.

Chris Smith started writing about gadgets as a hobby, and before he knew it he was sharing his views on tech stuff with readers around the world. Whenever he's not writing about gadgets he miserably fails to stay away from them, although he desperately tries. But that's not necessarily a bad thing.

Popular News