Flash has already suffered three zero-day exploits in 2015

Back in 2010, Steve Jobs called for the death of Flash. Five years later, the need for Flash is diminishing, but days like this make one wish the process were further along.

The year for Flash started with the CVE-2015-0310 security bulletin and the corresponding fix, version Just as that fell into our hands, Adobe warned about yet another flaw with CVE-2015-0311 and delivered to the world. Now, in an effort to make this more humorous, Adobe has released CVE-2015-0313 along with the update.

These rapid-fire, back-to-back problems are irritating. The issue is compounded by the hoops one has to jump through to update Flash. The Adobe Update tool only updates Internet Explorer or your Plugin Browser (e.g. Firefox), but not both at the same time. The updater also has a nasty habit of only checking for new builds after a full login—not after returning from sleep. Windows 8 and 8.1, meanwhile, rely on a completely different mechanism that pushes out Internet Explorer Flash updates via Windows Update. Your Plugin Browser in Win8 or 8.1 requires a manual update. And Chrome, unlike Firefox and IE, receives its Flash updates through a browser update mechanism. Got all that?

Malwarebytes is reporting that the latest exploit (CVE-2015-0313) has been under active attack since December 3. Part of the success has been fueled by exploit kits being sold online, making it easy for script kiddies to get into the game. What are the bad guys using it for? Invincea says the poison of choice is crypto ransomware. Given the ubiquity of Flash and the fact that malicious adverts are being pushed on trusted domains, this puts everyone at risk, including laymen and experienced user alike.

With the sad situation laid bare, let's get to talking about what we can do to close off this vulnerability.

I have one more important detail to provide as I wrap this up. Normally, the PC world gets to enjoy such misery on its own, but this problem also exists for Mac users. Hi guys!

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.