Click to Skip Ad
Closing in...

Hackers found a brand new Flash zero-day vulnerability – here’s what you need to know

Published Feb 2nd, 2018 10:21AM EST
Adobe Flash 0-Day Vulnerability
Image: Microsoft

Stop me if you’ve heard this before, but hackers found a way to attack you via Adobe’s Flash Player, a content platform that just refuses to die.

The new vulnerability is of the zero-day variety, which means all Flash versions are affected, including the latest releases for Linux, Mac, and Windows. The best way to protect yourself against it would be to uninstall it from your machine for the time being. Also, you might want to consider keeping it uninstalled even after Adobe releases a patch for it.

Adobe already released a security advisory (APSA18-01) that describes the CVE-2018-4878 flaw and confirms that all Flash Players up to v28.0.0.137 are affected. Adobe plans to patch the issue in an update expected to be released during the week of February 5th.

The issue affects Adobe Flash Player Desktop Runtime on Linux, Mac, and Windows, as well as Flash Player for Google Chrome and Microsoft Edge.

But there’s even worse news: Adobe confirmed that hackers are already exploiting the vulnerability. “Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users,” Adobe’s note says. “These attacks leverage Office documents with embedded malicious Flash content distributed via email.”

Adobe advises users to enable Protected View so they open documents in read-only mode, and a post on GHacks explains how to do it.

Again, the best way to stay protected right now is to uninstall Flash until a fix becomes available next week.

Chris Smith
Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he closely follows the events in Marvel’s Cinematic Universe and other blockbuster franchises. Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.