There was a recent update to Adobe Flash Player in December 2017 referring to Microsoft’s Patch Tuesday. This update addresses the medium risk vulnerability and some bugs in Adobe Flash Player.
Version 220.127.116.11 was able to eliminate a vulnerability that couldn’t be recognized at first. But, it was found out that the error has caused the global settings of Flash to reset to the default values. At the same time, this can also affect settings connected to privacy and security. This would include websites that would store data on the computer or access the camera or microphone. However, the said bug has been classified as moderate severity issue without immediate harm to the users.
According to Adobe, the said lone vulnerability will affect Chrome OS, Linux, Macintosh, and Windows platforms. But, even if this security issue has not been exploited by hackers, Adobe has been known to have high risk in the past.
The December Patch is not a big update to the components of Adobe unlike the one released in November 2017. This is when the update was able to contain 62 vulnerabilities in the Reader and Acrobat versions. Only 5 critical patches were released for Adobe Flash Player.
On the other hand, Microsoft has released the final batch of updates for 2017, which fixed over 30 security vulnerabilities in its software. This would have affected users of several versions of Windows and its components, including Microsoft Office, Microsoft Edge, Exchange Server, and Microsoft Windows, as well as the malware protection application called Windows Defender.
The security issues were discovered by the National Cyber Security Center in the U.K.’s GCHQ intelligence agency. The experts have discovered a couple of ways to exploit the critical remote code execution in the anti-malware code of Microsoft. This can happen upon its attempt to scan a file that has been booby-trapped, which would allow attackers to compromise targeted systems.
The said flaw was fixed via an out-of-band patch which users should have received already in an automatic update to its anti-malware engine itself. The company may have been right being cautious by adding the fix again on its regular roundup of patches.
A lot of people surely aren’t ready to leave Flash Player and uninstall it from their computer. This was despite the announcement made by Adobe regarding its plan to stop supporting Flash by the end of 2020.
Well, you can still enjoy using Flash Player on your browser if that is the case. But, a word of advice should be helpful if you consider enabling “Click to Play”, a browser security feature. This would reduce your attack surface by disallowing your browser to render possible malicious content, unless you have given permission to run.
Therefore, if there is a maliciously-coded Flash file, it will not execute. This is opposed to allowing them to run automatically upon visiting a compromised website.
Overall, it is always important not to turn a blind eye especially when there are security updates available. This is regardless of the software vendor where it came from. Take note that software can automatically be updated, which reduces the chances for hackers to exploit possible flaws.