Critical Flash vulnerability is being exploited in the wild

A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16.

The announcement maintains Flash’s unofficial but thoroughly deserved status as the go-to destination for criminals looking for browser-based exploits.

Sadly, this year’s run of four updates in four months isn’t the worst it’s been.

Back in January 2015, Adobe fixed nine Flash vulnerabilities in its patch Tuesday update on 14 January and released three more emergency updates on 23 January, 24 January and 3 February.

Past performance isn’t necessarily indicative of future results but anyone still using Flash needs to ask themselves: just how bad do things have to get before I’ll remove it?

Yes, there are still some useful things that rely on Flash, but events are catching up to them fast.

iOS users have lived without Flash from the get-go. Google’s Chrome browser is hurriedly bundling Flash towards the exit door, and Apple is set to follow suit in its upcoming version of MacOS.

To remove Flash follow Adobe’s guides for uninstalling Flash from Windows and Mac OS X.