Flash zero-day, again

Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer. Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.

I have been limiting my exposure to Flash for a while.

  • I use Safari as my daily browser. Flash is not installed directly on my Mac.
  • For anything that needs Flash, I use Chrome, where it’s integrated with the browser and automatically updated by the Chrome update process. It’s set in “Click to Run” mode, so it only activates when I let it.
  • In my Windows 10 VM, Flash is completely disabled in Microsoft Edge and Internet Explorer. It does have Java enabled, but for reasons beyond my control (EMC and Cisco).

Now I just need VMware to quit writing every new web interface as Flash-dependent.