Despite the fact that in recent years, it has been amply demonstrated that Flash technology is a drain for friends of others, Adobe, still cannot fix all the vulnerabilities that the platform currently suffers, forcing the company last year to announce that it will stop offering support in two years.
But, while that date arrives, we continue to see how the platform continues to offer security holes so that anyone with bad intentions, can access our equipment without trying too hard. The last vulnerability detected is the zero-day type, a type of vulnerability that has been in the software for a long time without the developer having detected it, so right now all computers running Flash are susceptible to an attack.
As of today, no browser offers automatic support for Flash. Every time we visit a web page that uses this technology, the browser will show us a dialog box so that let's confirm that we want to use Flash, limiting its activation to the page we are visiting. Unfortunately, although there are fewer and fewer, we can still find web pages that are only displayed if we activate Flash, a risk that we will have to assume if we want to access that specific website.
According to KR-CERT, the Korean security group that has discovered this vulnerability, the attacker can send deceptive messages for you to download Office files, documents or any other type of file with which can exploit this vulnerability and take control of your computer, is managed by Windows, macOS or Linux, where Chrome, Firefox, Edge, Explorer or Safari are installed, since the vulnerability is in the code. Adobe has recognized this new security flaw and states that on February 5 it will release the umpteenth Flash patch to solve this umpteenth problem with the platform.