Adobe has released an emergency update to Flash player, plugging a hole that would grant anyone with knowledge of its whereabouts full remote host access to a vulnerable machine.
The patch, dubbed CVE-2014-0497, is spread across every major operating system including Mac, Windows and Linux. Anyone on the first two systems should update if they’re running a version from 18.104.22.168 and below, and Linux users should update anything earlier than 22.214.171.1245.QuantumPC
Yesterday a Chrome update was released that was bundled with the Flash issue fix, so if you’re currently running on Google’s web browser and it’s up to date within the past 24 hours, you should be safe from any harm the exploit might present.
“Adobe is aware of reports that an exploit for this vulnerability exists in the wild and recommends users update their product installations to the latest versions.”
The Adobe spokesperson was quick to give full credit for the discovery of the backdoor to Anton Ivanov and Alexander Polyakov, of Kaspersky Labs. Supposedly the bug depends on bits of underlying code that can be tricked into launching proprietary malware on-demand, making it especially ominous for users who don’t have all their latest antivirus definitions current on their machines.
You may obtain the latest version of Adobe Flash player from their website, as well as from second party sources like the Chrome update we mentioned above.