Adobe today released a security bulletin addressing a critical vulnerability (CVE-2014-0497) in its Flash product that could allow an attacker to remotely take control of an affected system. The company says it is aware of reports that the security hole is being exploited in the wild.
Affected versions include Flash Player 220.127.116.11 and earlier for Windows and Macintosh as well as Flash Player 18.104.22.1685 and earlier for Linux. As such, Adobe recommends that users update their product installations to the latest versions:
- Users of Adobe Flash Player 22.214.171.124 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 126.96.36.199.
- Users of Adobe Flash Player 188.8.131.525 and earlier versions for Linux should update to Adobe Flash Player 184.108.40.2066.
- Adobe Flash Player 220.127.116.11 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 18.104.22.168 for Windows, Macintosh and Linux.
- Adobe Flash Player 22.214.171.124 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 126.96.36.199 for Windows 8.0.
- Adobe Flash Player 188.8.131.52 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 184.108.40.206 for Windows 8.1.
F**k it, we'll do it live!
Our biggest ever edition of TNW Conference is fast approaching! Join 10,000 tech leaders this May in Amsterdam.
In other words, unless you’re using the latest versions of Chrome or Internet Explorer, you’ll want to manually update Adobe Flash immediately. You can get the latest version now directly from the Adobe Download Center.
While the vulnerability also exists in Adobe Flash for Linux, Adobe has given the issue a lower priority rating of 3, compared to 1 for Windows and Mac. Nevertheless, we recommend Linux users to update, even if their systems aren’t currently being targeted in the wild.
See also – Adobe announces rapid release cycle for Flash, starting now with version 11.5 and Adobe introduces support for 3D printing to Photoshop, brings a glut of new features to its Creative Cloud apps
Top Image Credit: Vangelis Thomaidis