CVE-2016-4171 and Disabling Adobe Flash

As has been happening frequently, another Adobe Flash security vulnerability has come to light (called CVE-2016-4171Mitre, Adobe).  Unfortunately, this vulnerability is being exploited in the wild, and, as usual, Adobe won’t have a fix available for several days, at least.

So, what can you – the end user – do to protect yourself?  Many browsers, including Firefox, already have Flash set to click-to-play by default, meaning that you have to click the Flash application before it’ll actually run.  For most people, this is sufficient – Just don’t click on them.  However, you may wish to go a step further and disable Flash entirely until Adobe releases their patch on the 16th.  You may also not have a browser that supports click-to-play.

Steps to Take



UPDATE: June 14th, 2016 12:09PM PST – Fixed the CVE links.