Yet another critical security flaw in Adobe's Flash has been discovered and is being exploited on the Mac, Windows, and Linux computers. Directly linked to Pawn Storm, it can let hackers take control over your computer, and the only fix for now is to uninstall Flash.
Another day, another zero-day exploit for Adobe Flash
Pawn Storm has a history of using cyber-espionage to target political figures and government agencies around the world. This latest Flash-based attack focused on foreign affairs ministries, according to Trend Micro. The security research company stated,
In this most recent campaign, Pawn Storm targeted several foreign affairs ministries from around the globe. The targets received spear phishing e-mails that contained links leading to the exploit. The emails and URLs were crafted to appear like they lead to information about current events.
The firm said this latest Flash security flaw affects at least versions 220.127.116.11 and 18.104.22.168. Adobe offered some clarification saying all Flash versions including 22.214.171.124 and earlier for the Mac and Windows, and 126.96.36.1995 and earlier for Linux are vulnerable to the attack.
Adobe says it hopes to have a patch for the flaw available next week, but didn't offer any other details on that time frame. Until then, the only truly effective way to protect your computer from the flaw is to uninstall Flash.
Flash has a long history of serious security flaws, and companies have been dropping support for the platform for years. Amazon is among the latest big name companies to abandon Flash, and The Mac Observer has said it's time for everyone to put and end to Flash support, too.
This latest zero-day exploit is yet another reason do abandon Flash, and to let the sites you visit that still rely on the multimedia platform that it's time for them to move on, too.
To remove Flash from your computer, download the uninstaller for the version of OS X you're using on your Mac. (See, for example, "Everything You Need to Know: Survive Without Flash on Your Mac" with some helpful notes and links.) Uninstallers for OS X 10.3 and earlier as well as OS X 10.4 and later are available at Adobe's support website, linked in the above article.