Symantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash which could allow attackers to remotely execute code on a targeted computer. Since details of the vulnerability are now publicly available, it is likely attackers will move quickly to exploit it before a patch is issued.
I have been limiting my exposure to Flash for a while.
- I use Safari as my daily browser. Flash is not installed directly on my Mac.
- For anything that needs Flash, I use Chrome, where it’s integrated with the browser and automatically updated by the Chrome update process. It’s set in “Click to Run” mode, so it only activates when I let it.
- In my Windows 10 VM, Flash is completely disabled in Microsoft Edge and Internet Explorer. It does have Java enabled, but for reasons beyond my control. (EMC and Cisco)
Now I just need VMware to quit writing every new web interface as Flash dependent.