Adobe has rolled out an emergency software update for its Flash Player to patch a critical zero-day vulnerability that is already being exploited by hackers in the wild.
The company said the flaw could potentially allow hackers to take control of the affected system and that it had evidence of "limited, targeted attacks" exploiting the flaw.
Therefore, Adobe is urging users and administrators to update their software immediately.
About the Zero-day Flaw:
The vulnerability, assigned CVE-2015-3113, is a remote code execution bug that enables hackers to take control of an affected computer system.
Cyber crooks are already exploiting this zero-day vulnerability in the wild in an effort to hijack computers, targeting systems running Internet Explorer on Windows 7 and Firefox on Windows XP.
The vulnerability was discovered and reported by FireEye researchers, who first noticed the flaw being actively exploited in a phishing campaign targeting companies in the defense, aerospace, high tech, telecommunications, construction and engineering, and transportation sectors.
Affected Products:
The flaw affects all the major operating systems, including Windows, Mac and Linux.
According to the company, the following software can potentially be impacted by the severe bug:
- Adobe Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Macintosh
- Adobe Flash Player 18.0.0.161 and earlier versions for Windows and Macintosh
- Adobe Flash Player 11.2.202.466 and earlier 11.x versions for Linux
Because Flash is installed on almost every computer system and in almost all web browsers, users are advised to update their software to the patched version of Flash Player as soon as possible.
Chrome users and Windows 8 users running Internet Explorer will receive the updated version of Flash automatically. Users of other browsers can get the patched versions from Adobe's download page.
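For administrators, the affected-version list above can be turned into an inventory check. The following is an added example, not code from Adobe or from this article; the host names and inventory rows are constructed, and reading the 13.x and 11.x entries as branch-specific ceilings is an assumption about how to interpret the list.

```python
# Triage a Flash Player inventory against the affected ranges listed above.
# Host names and inventory rows are constructed for illustration.

# platform -> {branch major (None = any other branch): last affected version}
AFFECTED = {
    "windows": {13: (13, 0, 0, 292), None: (18, 0, 0, 161)},
    "macintosh": {13: (13, 0, 0, 292), None: (18, 0, 0, 161)},
    "linux": {11: (11, 2, 202, 466)},
}

def parse_version(text):
    """Parse a dotted or comma-separated four-part version into a tuple of ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'affected', 'not-listed' or 'unparsed' for one install."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparsed"  # surface bad inventory data instead of hiding it
    branches = AFFECTED.get(platform.lower())
    if branches is None:
        return "not-listed"
    # Assumption: a branch-specific ceiling (13.x ESR, 11.x Linux) takes
    # precedence over the general "18.0.0.161 and earlier" entry.
    ceiling = branches.get(version[0], branches.get(None))
    if ceiling is None:
        return "not-listed"
    return "affected" if version <= ceiling else "not-listed"

def triage(rows):
    return {host: classify(platform, ver) for host, platform, ver in rows}

SAMPLE = [  # constructed inventory rows: (host, platform, reported version)
    ("ws-01", "Windows", "18.0.0.161"),
    ("ws-02", "Windows", "13.0.0.292"),
    ("ws-03", "Windows", "13.0.0.999"),  # hypothetical later 13.x build
    ("mac-01", "Macintosh", "17,0,0,188"),
    ("lin-01", "Linux", "11.2.202.466"),
    ("lin-02", "Linux", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A "not-listed" result only means the version falls outside the ranges named in the article; it is not a statement that the install is patched.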