Adobe has released a critical update for its Flash Player plugin. The update patches a zero-day vulnerability in version 220.127.116.116 and earlier that could allow an attacker to take control of an affected system.
Adobe released the patch on February 4th. It will be sent to all desktop installs of Flash Player that have auto-update enabled, and Adobe expects to release a manually installable update no later than February 5th.
The patched version is 18.104.22.1685.
A zero-day flaw is one that’s already being exploited in the wild the day it’s discovered.
In this case, reports have already come in of attacks on systems running Internet Explorer and Firefox on Windows 8.1 and below.
How Do I Know Which Version I’m Running?
On Windows, you can go to your Control Panel > System and Security > Flash Player, then click Advanced to see which version you’re running.
On OS X, you can verify the version by going to System Preferences > Flash Player, then click Advanced to see which version you’re running.
While there, please be sure to check the box labeled “Allow Adobe to install updates” if it’s not already checked.
Alternatively, Mac or Windows users can right-click on any Flash content running within the browser, then select “About Adobe Flash Player” from the menu.
In addition to those methods, it’s also possible to check the version of Flash Player installed by visiting the Adobe-run site: About Flash Player
Again, the affected versions include:
- Adobe Flash Player 22.214.171.1246 and earlier versions for Windows and Macintosh
- Adobe Flash Player 126.96.36.1994 and earlier 13.x versions
What If I’m Running an Affected Version?
If you find your Flash Player is out of date, be sure auto-updates are enabled or download the latest release from the Official Player Download Center at:
NOTE: You do NOT need to include the “Optional Offers” Adobe lists on the download page such as “McAfee Security Scan Plus”. These are advertisements. Be sure to uncheck them before downloading to avoid conflicts with security software or other applications that may already be installed on your computer.
What about Google Chrome?
Both Google Chrome and Internet Explorer on Windows 8.x include a version of Flash Player that’s updated automatically by Google and Microsoft. Adobe has alerted both software makers to the patch and you should expect to see an update to both browsers shortly.
For Further Reading
Security Advisory for Adobe Flash Player (02.04.15)
Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements