Adobe issues Flash updates to deal with 'critical' security holes

By Roger Fingas

Adobe has issued a new set of security updates for its Flash Player plugin, dealing with serious vulnerabilities that could allow a hacker to take control of a targeted computer.

For Mac owners, the updates include Flash Player Desktop Runtime 23.0.0.185, Flash Player Extended Support Release 18.0.0.382, and Flash Player for Google Chrome 23.0.0.185. Matching fixes are available for people using Flash on Windows or Linux.

The updates can downloaded using either Flash's included update tool or the Adobe website.

Modern browser makers have increasingly veered away from Flash, which while once useful for games, video, and animation, has largely been supplanted by other technologies -- namely HTML5 -- that pose less of a security threat. For a number of years Flash was one of the main vectors for attackers, forcing Adobe to issue regular patches.

Apple escalated its position against Flash with last month's debut of macOS Sierra. The plugin is disabled by default in Sierra's version of Safari, forcing people to manually activate whenever they encounter a webpage asking for it. Java, Silverlight, and even Apple's own QuickTime are treated the same way.