Adobe acknowledges critical remote vulnerability in Flash, exploits already in the wildAdobe on Saturday released an updated version of its Flash player software that patches an undisclosed vulnerability which could allow remote attackers to take control of Macs or PCs, urging users to update as the problem is being actively exploited by malicious actors.
Flash versions up to and including 188.8.131.527 on OS X and Windows and 184.108.40.2068 on Linux are susceptible to the attack, the cause of which has yet to be detailed. Mac users with Adobe's automatic update feature enabled should begin receiving updates to version 220.127.116.116 immediately, and the company is preparing a standalone patch for manual installation to be released this week. Adobe is also working with Google to update the embedded version of Flash included in the Chrome browser.
The vulnerability— which has been assigned CVE number 2015-0311— is "being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below," Adobe said in a security advisory. A "drive-by-download" attack is one in which software is downloaded to a user's computer without their knowledge or explicit consent.
Adobe defines CVE-2015-0311 as "critical," meaning a "vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware."
Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu. Instructions for enabling automatic updates or manually updating Flash can be found here.
On Topic: Mac OS X
- Apple updates Final Cut Pro X with Magnetic Timeline, redesigned UI for new MacBook Pro Touch Bar
- macOS virtual keyboard system resources lack function keys, suggest 'Magic Toolbar' legit
- Long-awaited Sid Meier title Civilization VI arrives on macOS
- Apple updates macOS Sierra to 10.12.1 with Mail, Safari, Photos fixes
- Trade-in coupon: $20 cash bonus when you trade in your old Mac ahead of rumored 2016 MacBook Pros