Adobe is urging users of its Flash Player software to install a new security update which it hopes will prevent hackers from exploiting what it calls a “critical vulnerability” (a zero-day flaw) found in the program.
In an emergency security bulletin released last night, the company explains that the update will address a major flaw that could potentially allow an attacker to remotely take control of the affected system.
“Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions,” an Adobe statement said.
The vulnerability affects users across Windows, Mac and Linux PCs, with Adobe giving the update a Priority 1 rating (where updates are advised to be installed as soon as possible) for users of the first two platforms, and a Priority 3 rating (meaning vulnerabilities that have not historically been targets) for the latter.
Customers not using the latest versions of Chrome or Internet Explorer will need to update their versions of Flash Player automatically, as previous editions of those browsers do not have Adobe’s software built in.
Craig Young, security researcher at Tripwire’s Vulnerability and Exposure Research Team, believes that this issue serves as a reminder to users to exercise proper care and attention with their browsers.
“This latest Flash zero-day serves as a good reminder of the reasons security professionals urge users to enable browser plugins only when necessary,” he said, “ It is important to note that browsers such as Chrome and Internet Explorer have Adobe’s Flash technology ‘baked in’ making it necessary to explicitly disable it when not needed.”
This is the latest in a series of security setbacks to have affected the firm, which admitted last October that the usernames and encrypted passwords of 38 million of its active account holders had been stolen by hackers in a major attack. The source code for its Reader, Acrobat and Photoshop programs were also found to have compromised during the attack, which also found users’ credit cards details may have been stolen.
Are you a security expert? Try our quiz!
Originally published on eWeek.
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…
Most people in the United States view TikTok as a Chinese influence tool a poll…
UK regulator confirms it is investigating whether OnlyFans is doing enough to prevent children accessing…
Dismissed staff file complaint with a US labor board, and allege Google unlawfully terminated their…
Elon Musk dismisses two senior Tesla executives, plus the entire division that runs Tesla's Supercharger…