ADOBE has issued a second patch update to fix a critical flaw in a Flash plugin which could allow hackers to perform remote-code execution on a victim's machine.
Adobe has warned that the 126.96.36.199 update is a top priority, and has been released outside the firm's usual monthly bug fix cycle after October's patch of the bug was unsuccessful.
The new update bolsters the patch released in October 2014 against the CVE-2014-8439 exploit.
Security company F-Secure explained that it uncovered the bug during an analysis of a Flash exploit, saying that hackers had originally used an exploit kit called Angler which injected malicious code into the software.
"We received the sample from 'Kafeine', a renowned exploit kit researcher. He asked us to identify the vulnerability which was successfully exploited with Flash Player 188.8.131.52 but not with 184.108.40.206," said F-Secure.
"We considered the possibility that maybe the latest patch prevented the exploit from working and the root cause of the vulnerability was still unfixed so we contacted the Adobe Product Security Incident Response Team.
"They confirmed our theory and released an out-of-band update to provide additional hardening against a vulnerability in the handling of a de-referenced memory pointer that could lead to code execution, CVE-2014-8439."
F-Secure said that installing the update immediately is "paramount", whether it is done manually or automatically.
Check this link to see what version of Flash Player you have installed. The most recent versions of Flash can be downloaded from the Adobe Flash home page.