It's Time To Kill Adobe Flash

Another day, another Adobe Flash zero-day exploit.

Attackers are exploiting a critical vulnerability in Adobe's widely used Flash Player, and Adobe says it won't have a patch ready until later this week.

Adobe is promising a patch “as early as June 16” for a critical Flash vulnerability, CVE-2016-4171, that’s being exploited in the wild. All Flash players in all browsers on all supported operating systems (Windows, Macintosh, Linux and Chrome OS) are at risk.

Security Advisory APSA16-03 from Adobe describes the situation as follows:

A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16.

It's time to kill Adobe Flash.

At Digital Certification we recommend that all our clients remove any Flash features from their websites. Businesses and website owners have a responsibility to protect their customers, especially when there is no longer a pressing need to use Flash, as all of its features can be replaced with HTML5, JavaScript and/or CSS.

Let's spend a minute of silence in honour of Flash, software that was created by Macromedia, which was acquired by Adobe in 2005 for a staggering $3.4 billion.

Let's say thank you for all the awesome animations that were made possible thanks to Flash. The web would not be what it is today without Flash.

It served us well in the past, without any doubt, but the time has come to finally let it rest in peace.

UPDATE: Adobe released security updates on the 16th of June.