Adobe Issues Critical Flash Update, All Users Urged to Upgrade
Adobe on Tuesday released a critical update for its Flash Player software. Version 18.104.22.168 reportedly addresses a serious security vulnerability that would allow an attacker to completely take over a compromised system. Users of Flash Player on all platforms are urged to upgrade to the latest version as soon as possible.
Adobe has released security updates for Adobe Flash Player 22.214.171.124 and earlier versions for Windows and Macintosh and Adobe Flash Player 126.96.36.1995 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system.
Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions
Users unsure of which version of Flash they have installed can quickly verify it by visiting Adobe’s About Flash Player page. The user’s current version will be displayed in a box on the right side of the screen. Those running a version lower than 188.8.131.52 can grab the latest build for their system from the Get Flash Player page.
Of note, some Web browsers, such as Google Chrome and Internet Explorer for Windows 8, include an embedded version of Flash. Users of these browsers will have to wait for an update from their respective companies to get the latest embedded version, although all users can still download the desktop version of Flash Player.
OS X users who have never manually installed Flash need not worry about the security issue. The company publicly parted ways with the Adobe platform in 2010 when the third-generation MacBook Air shipped with a special build of OS X that omitted a bundled version of Flash for the first time. OS X users can still use Flash, but they must manually install it from Adobe’s website or use a Web browser such as Chrome.
In its Security Bulletin for the latest Flash update, Adobe credited Alexander Polyakov and Anton Ivanov of Kaspersky Lab for reporting the original security vulnerability. To prevent further risk to users, Adobe declined to publicly detail the vulnerability’s parameters.