Adobe Flash: Emergency patch issued to fix serious zero-day flaw
Exploits for the latest in a long line of security flaws in Adobe Flash already seen in the wild
In possibly the least surprising news this week (or any week) Adobe has rushed out an emergency security patch to fix a zero-day flaw in the company's Flash Player software affecting almost all versions of the perennially insecure software on all platforms.
The issue relates to Flash Player on Windows, OS X, Linux and Chrome OS, and is rated as 'critical', according to the company.
"Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system," the company warned.
Adobe added that it is aware an exploit for the flaws already exists in the wild, and is being used in "limited, targeted attacks against users running Windows versions 7, 8.1 and 10".
Adobe also issued instructions to help users of the software discover which version they are running and if they need to update.
"To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select 'About Adobe (or Macromedia) Flash Player' from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system," explained Adobe.
"Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to 'Allow Adobe to install updates' will receive the update automatically.
"Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted."
Adobe and its users endure a lot of Flash problems, and are probably well versed in dealing with them. The industry is rapidly losing its patience with the software though, and Flash is running out of friendly places to lurk.
Adobe thanked Neel Mehta and Billy Leonard from Google's Threat Analysis Group for bringing the vulnerability to its attention.