Adobe started to release on Tuesday (6) a security update for Flash Player. The update corrects the critical error released last week. The bug, which was already being exploited by hackers, allows third parties to remotely take control of the computer.
Update 28.0.0161 is available for Windows, MacOS and Linux on the Adobe website (https://get.adobe.com/br/flashplayer/). Windows 8.1 and Windows 10 users using Internet Explorer 11 and Edge browsers should receive the update soon via Windows Update. In Chrome, the fix should arrive along with the new version of the browser.
How and why to clear the Flash cache in the browser
Flash Player has a history of security breaches – Photo: Disclosure / Adobe
The attack that exploits the CVE-2018-4878 vulnerability was discovered in the past few days. It is an Office file containing malicious code that has been spread through e-mail. When opening the document on a machine with the Flash Player installed, the code acted on the system, allowing a malicious hacker to take over the computer.
Although this specific attack is aimed at Windows users, the breach in Flash Player is also present in MacOS, Linux and even Chrome OS in versions 18.104.22.168 or lower. While the fix for the plugin in Chrome does not arrive, the recommendation is to disable the feature in the browser.
Flash has its days numbered, but it is still widely used on the Internet, mainly in some types of browser games. Adobe will maintain support until 2020, when the installer will no longer be available.