As has been happening frequently, another Adobe Flash security vulnerability has come to light, tracked as CVE-2016-4171 (Mitre, Adobe). Unfortunately, this vulnerability is being exploited in the wild, and, as usual, Adobe won’t have a fix available for several days, at least.
So, what can you – the end user – do to protect yourself? Many browsers, including Firefox, already have Flash set to click-to-play by default, meaning that you have to click the Flash application before it’ll actually run. For most people, this is sufficient – just don’t click on any Flash applications. However, you may wish to go a step further and disable Flash entirely until Adobe releases their patch on the 16th, or your browser may not support click-to-play at all.
Steps to Take
Firefox
- Enabling Click-To-Play on Firefox – You can also disable Flash entirely by choosing Never Activate.
- QuickJava – Just hit the F button to toggle Flash. I personally use this.
Chrome/Chromium
- How do I enable Click-To-Play in Chrome?
- How to disable Flash in Chrome
- There are also some plugins, like FlashControl and others, but I haven’t personally tested them.
UPDATE: June 14th, 2016 12:09PM PST – Fixed the CVE links.