How to really fix the latest Adobe Flash security hole

Another day, another Adobe Flash security hole and another Adobe Flash patch.

Uninstall Adobe Flash from OS X

Uninstall Flash from orbit, ah I mean your system. It’s the only way to be sure.

This time around, the killer security problem was in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. In short, if you were running Flash, you were in trouble.

So what else is new?

Last year, on one infamous day, Adobe announced thirteen — count ’em thirteen — security vulnerabilities in Adobe Flash.

This time around, a successful attack on the flaw could cause give an attacker full access to the affected system. Or, if that didn’t work, it would crash the system. Oh boy.

Kaspersky Lab, which discovered the hole, believes attackers were already using it. In particular, Kaspersky claimed a group called ScarCruft was attacking numerous PCs with it in advanced persistent threat (APT) assaults.

So, that’s the bad news. The good news is you can disable Flash for good on Windows and Macs as detailed in the slide-show below.

You can also disable Flash on any Chrome web browser, or a Chromebook by taking the following steps.

  1. Type the following where you would normally type a URL: chrome://plugins
  2. Locate the Flash Player in the list of plug-ins. You may see more than one Flash Player listed.
  3. Select Disable for each Flash Player listed

If you still want to use Flash, keeping in mind that it will have another major security hole within weeks, you need to download and install the latest patch. This will bring the Flash Player on Windows and Mac OS X to version 22.0.0.192 and on Linux to version 11.2.202.626. Google Chrome’s built-in version of Flash will be automatically updated to version 22.0.0.192 on Windows, Macintosh, Linux and Chrome OS PCs.

Me? Personally, I still have Flash installed but I have it set to run only if I give it permission to load. This isn’t perfect, but it helps.

To do this on Chrome, do the following:

  1. Click Chrome’s menu button and select Settings.
  2. Click Show advanced settings.
  3. Click Content settings under Privacy.
  4. Scroll down to Plug-ins, and select “Let me choose when to run plugin content.”

To set this up on Firefox, take the following steps:

  1. Click the menu button and choose Add-ons.
  2. In the Add-ons Manager tab, select the Plugins panel.
  3. Find Shockwave Flash on the list and set it to “Ask to Activate.”

Getting better control of Flash on Internet Explorer (IE) is a bit more trouble.

  1. Click the gear icon on IE’s toolbar and select Manage Add-ons.
  2. Select Toolbars and Extensions here, click the Show box, and select All add-ons.
  3. Locate the Shockwave Flash Object plug-in under Adobe Systems Incorporated, then right-click it, and select More information.
  4. Click the Remove all sites button.

Is this a spot of bother? Yes. Is it better than letting Flash more or less perpetually keep your PC open to attack? Yes, yes it is.

Related Stories: