BGR reported Thursday that Adobe has confirmed “a major security vulnerability that affects all versions of Flash for Windows, Mac, and Linux.” Adobe says this vulnerability is being used by hackers, although for very targeted attacks—phishing, in other words.
“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe says in its security bulletin.
Well, that’s just great.
Trend Micro, which discovered the flaw, says that targets are receiving phishing emails with URLs that look like news articles, sent to “several foreign affairs ministries from around the globe.” I don’t work for a foreign affairs ministry and you might not either, but nothing is stopping other hackers from taking advantage of the same flaw.
We all like to think we’re smart enough to avoid phishing scams—and I’m sure you are! And we’d like to think Adobe will get this patched soon—the company says it hopes to do that next week. But if you really want to be safe from this flaw, and the next, and the next, and the next, there’s one foolproof step you can take: Uninstall Flash.
To get Flash off of your Mac for good, you’ll need an uninstaller from Adobe. There are distinct versions for OS X 10.6 and later, for 10.4 and 10.5, and even one for 10.1 to 10.3.
Find the uninstaller for the version of OS X that you have. (If you aren’t sure, just click the Apple logo in your menu bar and select About This Mac. The window that pops up shows your OS X version.) Click the uninstaller’s link to download it to your Downloads folder.
After you enter your account password, you’re prompted to close all your browsers. The uninstaller can do that, or you can quit them yourself.
Once it’s finished, Adobe recommends you delete a couple of folders from your Library too. To open your home directory’s Library folder, go to the Finder, click Go in the menu bar, and then hold down the Option key to make the Library folder appear in the drop-down menu. Open it, and then find and destroy these two folders: