“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe says in its security bulletin.
Well, that’s just great.
Trend Micro, which discovered the flaw, says that targets are receiving phishing emails with URLs that look like news articles, sent to “several foreign affairs ministries from around the globe.” I don’t work for a foreign affairs ministry and you might not either, but nothing is stopping other hackers from taking advantage of the same flaw.
We all like to think we’re smart enough to avoid phishing scams—and I’m sure you are! And we’d like to think Adobe will get this patched soon—the company says it hopes to do that next week. But if you really want to be safe from this flaw, and the next, and the next, and the next, there’s one foolproof step you can take: Uninstall Flash.
To get Flash off of your Mac for good, you’ll need an uninstaller from Adobe. There are distinct versions for OS X 10.6 and later, for 10.4 and 10.5, and even one for 10.1 to 10.3.
Find the uninstaller for the version of OS X that you have. (If you aren’t sure, just click the Apple logo in your menu bar and select About This Mac. The popup window will say.) Click its link to download it to your Downloads folder.
When you launch the uninstaller from your Downloads folder, it runs, and you have to click Uninstall. Just in case you launched the uninstaller but didn’t want to uninstall anything, I guess.
After you enter your account password, you’re prompted to close all your browsers. The uninstaller can do that, or you can quit them yourself.
The uninstaller will do its thing and let you know when it’s done.
Once it’s finished, Adobe recommends you delete a couple of folders from your Library too. To open your home directory’s Library folder, go to the Finder, click Go in the menu bar, and then hold down the Option key to make the Library folder appear in the drop-down menu. Open it, and then find and destroy these two folders:
(Note that Adobe’s instructions don’t include deleting those folders if you are running Mac OS 10.1 to 10.3. Most of you are probably on 10.4 Tiger at least by now.)
If you want to make sure it’s really gone, go to Adobe’s Flash Player Help page and click the Check Now button to check if it’s on your computer.
If you ever want to get Flash again, just re-download the latest version directly from Adobe. It’s a terrible idea to get it anywhere else.
Do you use Flash, or have you kicked it to the curb once and for all Sound off in the comments!