ADOBE has issued a second patch update to fix a critical flaw in a Flash plugin which could allow hackers to perform remote-code execution on a victim's machine.
Adobe has warned that the 18.104.22.168 update is a top priority, and has been released outside the firm's usual monthly bug fix cycle after October's patch of the bug was unsuccessful.
The new update bolsters the patch released in October 2014 against the CVE-2014-8439 exploit.
Security company F-Secure explained that it uncovered the bug during an analysis of a Flash exploit, saying that hackers had originally used an exploit kit called Angler which injected malicious code into the software.
"We received the sample from 'Kafeine', a renowned exploit kit researcher. He asked us to identify the vulnerability which was successfully exploited with Flash Player 22.214.171.124 but not with 126.96.36.199," said F-Secure.
"We considered the possibility that maybe the latest patch prevented the exploit from working and the root cause of the vulnerability was still unfixed so we contacted the Adobe Product Security Incident Response Team.
"They confirmed our theory and released an out-of-band update to provide additional hardening against a vulnerability in the handling of a de-referenced memory pointer that could lead to code execution, CVE-2014-8439."
F-secure said that installing the update immediately is "paramount", whether it is done manually or automatically.
Check this link to see what version of Flash Player you have installed. The most recent versions of Flash can be downloaded from the Adobe Flash home page. µ
It's gotta pay the troll toll
It'll offer Turing architecture grunt minus the ray-tracing
Redmond is returning to Barcelona
And it's not exactly small