Adobe just released another large patch release for Flash that includes 19 patches. One of the patches is for a zero day exploit that Adobe says is being exploited in the wild. This brings the patch total for 2015 to a little over 300.
I made a decision a couple of months ago to disable Flash in Chrome and Firefox, the two browsers that I use, just to see what the impact would be.
First, I like the way Firefox handles it better than Chrome’s handling. Firefox gives you three options – enable, disable or ask me. Chrome does not have the last one, so if you disable Flash and you go to a web site that needs it, your experience is that the page seems to hang. Not very friendly. In Firefox, you get a link that says do you want to activate and if you do, do you want to activate it just once or forever. I really like the friendliness of this approach.
In reality, there have been very few sites that don’t work. What I really miss is those ads with dancing bears. NOT! Those don’t appear.
So my suggestion is to install the update, but set it to not run automatically.
Oh, wait, I forgot. If you are one of the 12 people that still use Internet Explorer, it appears that you are out of luck. I’d change browsers. From Windows 8 on, Microsoft has integrated Flash into IE so there is no way to disable it. It will get updated by way of Windows update, so at least that is good, but there is no way to protect yourself from zero day attacks. Just one more reason not to use Internet Explorer.
So, the Flash saga continues. Until a large percentage of the user base disables Flash, advertisers (and the malware inside the advertising) will continue to use Flash to attempt to infect your computer. Join the revolution and disable Flash.
To disable Flash in Firefox, open Firefox and type About:addons and select Ask To Activate next to Shockware Flash.
To Disable Flash in Chrome, open Chrome and type Chrome://plugins and uncheck the Flash plugin
To see what version of Flash you have installed, go to http://www.Adobe.com/software/Flash/About .
Information for this post came from KrebsOnSecurity.