Zero-day vulnerability in Flash (Linux, Windows, OS X)

Chrome users should already be updated and Firefox probably pushes out an update, too. Under Linux, you're probably using a much older version of Flash (unless you're using Chrome) that wouldn't be vulnerable in this particular fashion. There's a link in the article to check the version you're using though, compared to the latest one available for your platform and browser.

Thanks for posting, Jason!

I don't see where it says that much older versions of Flash, as used under Linux, wouldn't be vulnerable?
The article just says all older versions of Flash are vulnerable.

I have updated my Flash in Win OS.

On my Linux Mint 17.3, Synaptic is showing Flash is version and this vulnerability is affecting Linux Flash version and earlier. So it appears I am good to go.

In other articles, it is now saying that this vulnerability is actually in all versions of Flash, but the exploit software is actually degraded to only attack older versions of Flash.

Ransomware is now reported to be part of this exploit.

I didn't really explain myself correctly. What I meant is that in the cases where you're using Linux Flash (non-Chrome), which is in the 11.x series instead of the 21.x series, I'm sure they backported updates to that series. So, if you're using the latest version of Flash for your platform, you're good to go.

I note that Brian Krebs suggests disabling Flash entirely. I don't think that's really necessary, but you can and probably should set Flash to click-to-enable if you need it. I don't know about other browsers but this is easy to do in Chrome. It's under Settings -> Advanced Settings -> Privacy -> Content settings -> Plugins. Set to "Let me choose when to run Plugin content". It has the side effect of blocking those annoying Flash ads that start with no warning, too. I'm not promoting Chrome; I just don't know how to do it in other browsers.


