Yet another Adobe Flash Critical issue! 16.0.0.305 is out

[Elixer]

Another day, another critical issue with flash.
Someone needs to kill flash and put it out of its misery.

BTW, you can get crypto ransomware if you don't patch, and go to a site that has the exploit.

A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

UPDATE (February 4): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.305 beginning on February 4. This version includes a fix for CVE-2015-0313. Adobe expects to have an update available for manual download on February 5, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11.

https://helpx.adobe.com/security/products/flash-player/apsa15-02.html

 

[Chiefcrowe]

As Flash 0day exploits reach new level of meanness, what are users to do?

http://arstechnica.com/security/201...ch-new-level-of-meanness-what-are-users-to-do

 

[MustISO]

Why does anyone still have flash installed at this point?

 

[John Connor]

Why do many websites use flash instead of HTML 5 is the question.

 

[TheRyuu]

As Flash 0day exploits reach new level of meanness, what are users to do?

Use Chrome.

Why does anyone still have flash installed at this point?

Because websites still require it (like twitch.tv for example).