Adobe released a critical update for its Flash Player plugin that patches a zero-day vulnerability in version 16.0.0.296 and earlier. The flaw could allow an attacker to take control of an affected system.

Adobe released a patch for the flaw on February 4th, which will be sent to all desktop installs of Flash Player that have auto-update enabled. Adobe expects to release a manually installable update no later than February 5th.

The patched version is 16.0.0.305.

Zero-Day?

A zero-day flaw is one that’s already being exploited in the wild the day it’s discovered.

In this case, reports have already come in of attacks on systems running Internet Explorer and Firefox on Windows 8.1 and below.

How Do I Know Which Version I’m Running?

On Windows, you can go to your Control Panel > System and Security > Flash Player, then click Advanced to see which version you’re running.

On OS X, go to System Preferences > Flash Player, then click Advanced to see which version you’re running.

While there, please be sure to check the box labeled: “Allow Adobe to install updates” if it’s not already.

Alternatively, Mac or Windows users can right-click on any Flash content running within the browser, then select “About Adobe Flash Player” from the menu.

In addition to those methods, it’s also possible to check the version of Flash Player installed by visiting the Adobe-run site: About Flash Player

Again, the affected versions include:

  • Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 13.0.0.264 and earlier 13.x versions
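
If you need to check more than one machine, the ranges above can be applied to a list of collected version strings. The following Python script is an added example, not code from Adobe or from the original post; it compares versions numerically (a plain text comparison would sort 16.0.0.1000 before 16.0.0.296) and treats the 13.x branch separately. The hostnames, the sample inventory and the status labels are assumptions made for illustration.

```python
import re

# Values taken from this advisory.
LAST_AFFECTED_MAIN = (16, 0, 0, 296)  # "16.0.0.296 and earlier"
LAST_AFFECTED_13X = (13, 0, 0, 264)   # "13.0.0.264 and earlier 13.x versions"
PATCHED_MAIN = (16, 0, 0, 305)        # patched release named in the post

VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so comparison is numeric."""
    text = text.strip()
    if not VERSION_RE.match(text):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Return 'affected', 'patched' or 'not-listed' for one version string."""
    v = parse_version(version_text)
    if v[0] == 13:
        # The post gives no fixed 13.x build, so newer 13.x is 'not-listed'.
        return "affected" if v <= LAST_AFFECTED_13X else "not-listed"
    if v <= LAST_AFFECTED_MAIN:
        return "affected"
    if v >= PATCHED_MAIN:
        return "patched"
    return "not-listed"  # builds between .296 and .305 are not covered here

def audit(inventory):
    """Map each host to a status; unreadable versions are flagged, not skipped."""
    report = {}
    for host, version_text in inventory:
        try:
            report[host] = classify(version_text)
        except ValueError:
            report[host] = "unparseable"
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-01", "16.0.0.296"), ("ws-02", "16.0.0.305"),
    ("ws-03", "13.0.0.264"), ("ws-04", "9.0.124.0"),
    ("ws-05", "16.0.0.1000"), ("ws-06", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "affected" or "unparseable" are the ones to follow up on by hand using the steps in this post.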

What If I’m Running an Affected Version?

If you find your Flash Player is out of date, be sure auto-updates are enabled or download the latest release from the Official Player Download Center at:

http://get.adobe.com/flashplayer/

NOTE: You do NOT need to include the “Optional Offers” Adobe lists on the download page such as “McAfee Security Scan Plus”.  These are advertisements.  Be sure to uncheck them before downloading to avoid conflicts with security software or other applications that may already be installed on your computer.


What about Google Chrome?

Both Google Chrome and Internet Explorer on Windows 8.x include a version of Flash Player that’s updated automatically by Google and Microsoft.  Adobe has alerted both software makers to the patch and you should expect to see an update to both browsers shortly.

For Further Reading

Security Advisory for Adobe Flash Player (02.04.15)

Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements

Flash Player installation and update questions and answers