Adobe has just revealed the existence of a serious vulnerability in Flash Player following its latest security update. This covers all versions of the software across the Windows, Mac, and Linux platforms.
In an advisory released on October 14, the company categorized the severity of the issue as 'critical'. Problems of this nature are defined as:
"A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware."
the exact build number that contains the exploit is detailed in the following message:
A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.
Some older versions of the product were also compromised.
- Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release version 18.0.0.252 and earlier 18.x versions
- Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux
The company originally promised to issue a fix by October 19, but thankfully bumped the date up to October 16 soon after.
In the meantime, Adobe suggests double checking your software version to ensure it is not among those affected.
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Adobe suggests that extra cautious users uninstall the program completely until the fix is issued.