After discovering a previously unknown remote exploit, Adobe Systems, Inc. has released a critical security patch for Flash Player. They are urging all users to download the latest version as soon as possible.The security bulletin said that the updates are meant to address a critical security vulnerability that would allow a malicious attacker to remotely exploit the affected computer. Adobe said they are aware of reports stating that this exploit exists in the wild.
The advisory stated that the security updates for the flaw (CVE-2014-0497) were released for the following versions of Adobe Flash Player:
- Users of 220.127.116.11 and earlier for Windows and Macintosh should update to 18.104.22.168
- Users of 22.214.171.1245 and earlier for Linux should update to 126.96.36.1996
- 188.8.131.52 installed with Chrome will automatically be updated to the latest Google Chrome version, which will include Flash Player 184.108.40.206 for Windows, Macintosh and Linux
- 220.127.116.11 installed with IE 10 will automatically be updated to the latest IE 10 version, which will include Flash Player 18.104.22.168 for Windows 8
- 22.214.171.124 installed with IE 11 will automatically be updated to the latest IE 11 version, which will include Adobe Flash Player 126.96.36.199 for Windows 8.1
Adobe thanked Alexander Polyakov and Anton Ivanov, researchers from Kaspersky Lab, for finding and reporting the vulnerability to them.
How To Update Your Flash Player:
- Check to see if you have the most recent update already installed here
- Download the latest version here. As Brian Krebs reminds, make sure you uncheck the boxes for the McAfee Security Scan if you’re not interested.
Since Flash is so prevalent on the web, it’s vital to keep your organizations applications and software updated. Remind employees to update their systems, and administer a mass update if you’re able. Corporations, especially major enterprises, are vulnerable to remote exploits such as the one Adobe is patching in this update. There’s just so much juicy data and intellectual property that could be sold for a pretty penny or used for other malicious purposes. There’s too high a risk in not updating your Flash Player today, both at home and in the office, so take a few minutes and patch it up, and if you’re on the security team at your organization, consider sending a mass email reminding everyone to do the same.
Read Adobe’s Security Bulletin here.