The security bug is already being used by hackers. The company said in a statement that in an attack targeting Windows users, criminals email a Microsoft Office file with malicious code. According to Adobe, the loophole allows third parties to take control of the computer.
Virus showing porn ads found in app for children
Security vulnerability is common in the Adobe plugin – Photo: Disclosure / Adobe
The CVE-2018-4878 vulnerability affects all versions of Flash. In the desktop application, it compromises the security of Windows, macOS and Linux. In the Google browser plugin, it also affects Chrome OS. In the version for the Edge and Internet Explorer 11 browsers, it can compromise the security of Windows 10 and Windows 8.1.
The way the bug acts on the system was not very detailed. Adobe says only that an attacker could take control of the system. As it was considered a critical error, the recommendation is to uninstall Flash Player or disable it in the browser, while there is still no definitive solution. The company says an update will be released soon.
In addition, avoiding opening email attachments from strangers is also important. Adobe has identified that hackers are sending malicious scripted Office files in an attempt to exploit the security bug in Flash.
Security errors in Flash Player are nothing new. Although HTML5 has gained ground in recent years, the Adobe plugin is still widely used on the Internet – it is needed to access some types of browser games. Due to countless bugs, Adobe will stop distributing and updating the component, but guaranteed support until 2020.
