In a security bulletin published on its website, Adobe explained that the security patch addressed a “critical vulnerability that could potentially allow an attacker to remotely take control of the affected system”, and that it was aware of reports that the “integer underflow vulnerability” was being exploited in the wild by attackers.
Clearly Adobe thinks the issue is serious if it is taking the step to issue an out-of-band security patch.
Here are the details of what you need to do (if anything), dependent on which version of Flash Player and which operating system you use.
- Users of Adobe Flash Player 18.104.22.168 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 22.214.171.124.
- Users of Adobe Flash Player 126.96.36.1995 and earlier versions for Linux should update to Adobe Flash Player 188.8.131.526.
- Adobe Flash Player 184.108.40.206 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 220.127.116.11 for Windows, Macintosh and Linux.
- Adobe Flash Player 18.104.22.168 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 22.214.171.124 for Windows 8.0.
- Adobe Flash Player 126.96.36.199 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 188.8.131.52 for Windows 8.1.
Details on how to find out which version of Adobe Flash you are running, and where to obtain the security updates, can be found in Adobe’s security bulletin.
In the past Adobe security flaws have been exploited widely by online criminals to infect unprotected computers, so internet users would be wise to take the threat seriously and patch their systems as appropriate.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.