Adobe released an emergency patch for a critical vulnerability affecting Flash Player for Windows, Linux and OS X, the exploitation of which can result in an attacker gaining remote control of the compromised systems.
The security flaw exists in Adobe Flash Player 12.0.0.43 and earlier versions. Adobe thanks Alexander Polyakov and Anton Ivanov of Kaspersky Labs (CVE-2014-0497) for reporting the issues and for working with Adobe to help protect its customers.
The breadth of the impact is not yet known, but it could be critical worldwide because Flash Player is used by most users for a variety of reasons. Kaspersky has released an article explaining the vulnerability in depth.
Adobe recommends that users update to the latest versions:
- Users of Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 12.0.0.44.
- Users of Adobe Flash Player 11.2.202.335 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.336.
- Adobe Flash Player 12.0.0.41 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.44 for Windows, Macintosh and Linux.
- Adobe Flash Player 12.0.0.38 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.0.
- Adobe Flash Player 12.0.0.38 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 12.0.0.44 for Windows 8.1.
- Users can update their version of Flash from the Adobe Flash Player Download Center.
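To check an inventory against the version thresholds in the list above, the following added example (not Adobe's code or part of the original article) compares installed builds numerically with the fixed builds for standalone installs. The inventory format, host names and function names are assumptions made for illustration.

```python
# Added example; FIXED comes from the update list above, sample rows are constructed.
# First fixed build per platform.
FIXED = {
    "windows": (12, 0, 0, 44),
    "macintosh": (12, 0, 0, 44),
    "linux": (11, 2, 202, 336),
}

def parse_version(text):
    """Turn '12.0.0.43' into (12, 0, 0, 43); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def is_vulnerable(platform, version):
    """True when the installed build predates the fixed build for the platform."""
    fixed = FIXED[platform.lower()]
    # Compare numerically: as strings, '12.0.0.5' would sort after '12.0.0.44'.
    return parse_version(version) < fixed

def audit(inventory):
    """Return (host, reason) pairs for rows that need attention."""
    findings = []
    for host, platform, version in inventory:
        try:
            if is_vulnerable(platform, version):
                target = ".".join(map(str, FIXED[platform.lower()]))
                findings.append((host, f"update {version} to {target}"))
        except (KeyError, ValueError) as exc:
            # Unknown platform or unparsable version: surface it, do not skip it.
            findings.append((host, f"check manually: {exc}"))
    return findings

# Constructed sample inventory: (host, platform, installed Flash version).
SAMPLE = [
    ("ws-01", "Windows", "12.0.0.43"),
    ("ws-02", "Windows", "12.0.0.44"),
    ("mac-01", "Macintosh", "12.0.0.5"),
    ("lnx-01", "Linux", "11.2.202.335"),
    ("lnx-02", "Linux", "11.2.202.336"),
    ("kiosk-01", "Windows", "12,0,0,38"),
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE):
        print(f"{host}: {reason}")
```

Rows with an unrecognised platform or an unparsable version string are reported for manual review instead of being treated as patched.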
“Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users apply the updates referenced in the security bulletin,” says Adobe.
As per hackernews.com: “The story started some months ago, when the Kaspersky Team discovered a new sophisticated cyber espionage operation which has been going on at least since 2007. The operation dubbed “The Mask” hit systems in 27 countries leveraging high-end exploits, the attackers adopted an extremely sophisticated malware which includes a bootkit and rootkit.”