Adobe Flash Hit by Hackers Yet Again; Turn It Off Now

UPDATED noon EDT, Friday Oct. 16, with news that Adobe has patched the latest flaw.

For what feels like the umpteenth time, a zero-day exploit has been found attacking Adobe Flash Player. This time, the exploit is part of an ongoing cyberespionage campaign possibly linked to Russia, but the fact that few users are affected (so far) doesn't diminish the chronic threat posed by Adobe's repeat offender of a browser plugin.

Image: Zepedrocoelho/Shutterstock

Adobe posted an advisory warning yesterday (Oct. 14) on its website, but no patch for the vulnerability has been released, despite a host of other patches having been pushed out the previous day. The warning states that Adobe doesn't expect a patch to be ready until next week.

The new Flash exploit is part of recent attacks by the spies behind the Pawn Storm campaign, which for the past year has been targeting potential adversaries of the Russian government. Security firm Trend Micro reports that the Flash exploit has been used in highly targeted spear-phishing attacks that sent email messages containing malicious Web links to "several foreign-affairs ministries from around the globe."

The emails bear subject lines such as "Russia warns of response to reported US nuke buildup in Turkey, Europe" and "Israel launches airstrikes on targets in Gaza." The expectation is that curious diplomats will click through to the malicious websites, thus compromising their Web browsers and, depending on the accompanying malware, their Windows, Mac or Linux computers.

Adobe states that "this vulnerability is being used in limited, targeted attacks," but in fact, it's yet another reminder that only you can prevent Flash attacks.

We advise all users to simply disable Flash. We walk you through most browsers in this tutorial, and there are instructions available at Laptop Mag if you use Microsoft's new Edge browser. Still need Flash for some reason? Here's how to set Flash to click-to-run, which will at least prevent malicious Flash exploits from loading immediately.

UPDATE: Adobe posted a patch for the Pawn Storm exploit Friday. Microsoft's Edge browser and Internet Explorer 11 on Windows 10, and IE 10 or 11 on Windows 8 or 8.1, will be automatically updated, as will Google Chrome on all platforms. Otherwise, users will have to manually update Flash by visiting the official download page.

Henry T. Casey
Managing Editor (Entertainment, Streaming)

Henry is a managing editor at Tom’s Guide covering streaming media, laptops and all things Apple, reviewing devices and services for the past seven years. Prior to joining Tom's Guide, he reviewed software and hardware for TechRadar Pro, and interviewed artists for Patek Philippe International Magazine. He's also covered the wild world of professional wrestling for Cageside Seats, interviewing athletes and other industry veterans.

  • TechyInAZ
    It never ends. I can't wait until HTML5 video becomes the norm.
  • LePhuronn
    This, as usual, is purely sensationalist journalism joining the fight to force Adobe to kill Flash. How about, instead of panicking and turning off Flash in your browser, learn how to use your computer properly? Y'know, don't click on links in emails like a retard.
  • Paul Wagenseil
    Because, Lephuronn, most browser-exploit malware attacks without warning and without user intervention. A good browser exploit kit will never let the user know that it's successfully infected the computer. And Flash Player is one of the most common ways in.