14 DAY TRIAL // Adobe rolled out an emergency update for its Flash Player software, urging users to install the new version without delay because it addresses a vulnerability that is already exploited in the wild.
Users running Internet Explorer for Windows 7 and below and Firefox on Windows XP should comply with the request as soon as possible, as these kinds of systems are among the known targets of the attackers.
Automatic updates are not available, for now
The vulnerability is a heap buffer overflow (tracked as CVE-2015-3113) that could lead to execution of arbitrary code and take control of the affected systems. It has been reported by security researchers at FireEye and there are reports that attackers leverage it in limited, targeted attacks.
It is unclear whether the vulnerability has been leveraged against regular users or in more sophisticated attacks, but it can be used for funneling in malware via drive-by download attacks.
The update is available for Windows and OS X, where the version number is increased to 18.0.0.194, and for Linux, where the new build is 11.2.202.468.
For Internet Explorer on Windows 8 and above, the new Flash Player arrives through the automatic update mechanism included in the web browser; but the release has not been pushed to clients, yet.
Chrome users do not appear to be among the targets
As such, users of IE and Mozilla Firefox should perform the update manually at the moment in order to keep themselves protected. The latest revision can be downloaded straight from Adobe or you can get it from Softpedia, for Windows or OS X.
Chrome browser does not seem to be targeted, according to Adobe’s security bulletin released on Tuesday. However, the application will also be updated with the latest Flash Player version.
On Monday, Chrome received a minor update that integrates fixes for at least two high-severity security issues.