If there is one constant in the universe, it's that Adobe has to fix something with its Flash Player on a regular basis. It turns out the holiday season is no exception because earlier this week the company released another batch of security updates for the Adobe Flash Player across multiple operating systems.
Adobe said these updates are meant for Adobe Flash Player versions up to 22.214.171.124 for Windows, macOS, Linux, and Chrome OS. (So essentially all of the platforms that currently support Flash.) It didn't offer more info about the patch, but it did say exploiting the vulnerability could lead to "successful exploitation could lead to arbitrary code execution in the context of the current user," and that details are "publicly available."
Which, of course, means that hackers already know about the vulnerability and will probably race to exploit it before people update. Because it's a holiday weekend in the U.S. and few people think about Flash as it is, that means the number of people affected by the issue could be high. Shout-out to all the IT workers spending their days updating Adobe Flash Player instead of celebrating the holidays with their loved ones.
By now Flash having security problems has become a meme. Every few months we cover a new update, whether it's Adobe and Microsoft teaming up to resolve a vulnerability in February or Adobe doing it solo in June, and we don't even write about every security problem in the utility. Even as Flash becomes irrelevant, the tool's nigh ubiquity makes it a compelling target for hackers looking to compromise as many systems as possible.
Earlier today we reminded everyone that Thanksgiving is about, well, giving thanks. At the time we said we were thankful not to be working at Microsoft because of the Windows 10 October 2018 Update's apparent inability to reach everyone in its stated launch window. Now we have something else to be thankful for: the knowledge that Flash is finally going to stop being such an attractive target when it's shut down in 2020.