Adobe has released a critical update for Adobe Flash Player on the Mac, Linux, and Windows platforms. The update addresses a zero-day exploit that gives hackers complete control over a compromised system. The vulnerability has been documented in the wild.
The vulnerability affects all Macs with Adobe Flash Player version 18.104.22.168 and earlier and all users are urged to update immediately. Adobe has a site where users can check what version of Flash they have installed. The latest version of Flash can be downloaded from Adobe’s website.
From the Adobe Security Bulletin:
Adobe has released security updates for Adobe Flash Player 22.214.171.124 and earlier versions for Windows and Macintosh and Adobe Flash Player 126.96.36.1995 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions.
These updates resolve an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system.
Adobe credited Alexander Polyakov and Anton Ivanov of Kaspersky Labs with discovering the vulnerability.