The Inquirer-Home

Adobe issues an emergency Flash Player patch for Windows and Mac

Fixes bug that allows attackers to take control of an affected system
Wed Feb 05 2014, 11:16

REGULAR SOFTWARE PATCHER Adobe has issued an emergency security update for its Adobe Flash Player, patching a critical vulnerability that could allow attackers to remotely take control of an affected system.

The security patch addresses a bug in Adobe Flash Player and earlier versions for Windows and Mac and Adobe Flash Player and earlier versions for Linux.

"Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions," the firm said in a security bulletin in which it acknowledged reports that an "integer underflow vulnerability" was being exploited in the wild by attackers.

The Windows and Mac updates both have priority ratings of "one", which Adobe defines as an update that resolves vulnerabilities being targeted by exploits in the wild and thus should be installed by administrators "as soon as possible".

"Clearly Adobe thinks the issue is serious if it is taking the step to issue an out-of-band security patch," said security researcher Graham Cluley in a blog post.

To update to the latest version of Flash Player as recommended by Adobe, users should download it from the Adobe Flash Player Download Centre or via the update mechanism within the product when prompted.

Adobe's emergency patch release breaks its normal patching cycle, suggesting that it's an important update. The firm rolled out its first Patch Tuesday of 2014 last month, addressing some critical bugs in Adobe Reader, Acrobat and Flash Player.

The Reader and Acrobat patches were for both Windows and Mac OS X versions of the PDF handling software, also with priority ratings of one.

The patches, which included updates to Reader version 11, Reader 10, Acrobat 11 and Acrobat 10 for both Windows and Mac, also addressed vulnerabilities that could cause crashes and potentially allow attackers to take control of affected systems. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015