REGULAR SOFTWARE PATCHER Adobe has issued an emergency security update for its Adobe Flash Player, patching a critical vulnerability that could allow attackers to remotely take control of an affected system.
The security patch addresses a bug in Adobe Flash Player 22.214.171.124 and earlier versions for Windows and Mac and Adobe Flash Player 126.96.36.1995 and earlier versions for Linux.
"Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions," the firm said in a security bulletin in which it acknowledged reports that an "integer underflow vulnerability" was being exploited in the wild by attackers.
The Windows and Mac updates both have priority ratings of "one", which Adobe defines as an update that resolves vulnerabilities being targeted by exploits in the wild and thus should be installed by administrators "as soon as possible".
"Clearly Adobe thinks the issue is serious if it is taking the step to issue an out-of-band security patch," said security researcher Graham Cluley in a blog post.
To update to the latest version of Flash Player as recommended by Adobe, users should download it from the Adobe Flash Player Download Centre or via the update mechanism within the product when prompted.
Adobe's emergency patch release breaks its normal patching cycle, suggesting that it's an important update. The firm rolled out its first Patch Tuesday of 2014 last month, addressing some critical bugs in Adobe Reader, Acrobat and Flash Player.
The Reader and Acrobat patches were for both Windows and Mac OS X versions of the PDF handling software, also with priority ratings of one.
The patches, which included updates to Reader version 11, Reader 10, Acrobat 11 and Acrobat 10 for both Windows and Mac, also addressed vulnerabilities that could cause crashes and potentially allow attackers to take control of affected systems. µ
Sign up for INQbot – a weekly roundup of the best from the INQ