Adobe Flash Player gets an emergency update to patch a critical vulnerability which affects Windows, Mac and Linux
Adobe is rolling out an emergency update to patch a critical vulnerability which affects Windows, Mac and Linux.
The Zero-Day Exploit, has been acknowledged by Adobe, which says that the CVE-2015-3113, is a critical vulnerability, that could potentially allow an attacker to take control of the affected system.
The vulnerability reportedly targets systems using Internet Explorer on Windows 7 and Mozilla Firefox on Windows XP.
Softpedia reports that the vulnerability is a heap buffer flow, which hackers can use to execute some malicious code, which could result in injecting malware to the affected system.
Does this vulnerability affect all users?
The targets of this vulnerability, according to a security firm FireEye‘s report, are organizations in the following industries: Aerospace and Defense, Construction and Engineering, High Tech, Telecommunications and Transportation.
A hacker group reportedly started the attack, through a phishing campaign, where targets were sent malicious emails. These emails contained dangerous URLs, clicking upon which, initiated a browser redirect to a hacked server.
These servers then fed the attacked system, with a malicious SWF file (Adobe Flash Player format), as well as an FLV file. The result of which was a custom backdoor injected into the targeted system.
Latest versions of Flash Player patches the security loophole:
Adobe Flash Player for Windows and Mac OS X has been updated to 18.104.22.168, while the Linux version has been updated to 22.214.171.1248 to fix the issue.
Adobe Flash Player’s built-in updater will notify users to update to the latest version. But you can also install it manually, which is highly recommended if you have opted out of automatic updates in Flash Player updates. If you use Firefox or Internet Explorer, you should immediately download the latest version of Flash Player from the official page on Adobe’s website.
Adobe Flash Player in Google Chrome, and Internet explorer on Windows 8.x, will both be updated automatically.
Which versions of Adobe Player are affected?
Windows and Mac users with Adobe Flash Player 126.96.36.199, and Linux users with version 188.8.131.526 should update to the latest version.
How to check which version of Adobe Flash Player you have:
Firefox users can visit the Plugin Check page at Mozilla’s website to check which version you have.
Users can also visit the official About Flash page on Adobe’s Website to check the version installed. (This is also valid for Firefox users).
As a general rule, never click on emails from unknown senders. Always use the latest available version of the browser you use, and keep plugins updated. Also ensure you have the latest patches installed for your operating system.