Adobe announced April 5 that it would soon issue an emergency update for its widely used Flash Player software due to a flaw which, if left unfixed, could let a remote attacker hijack an entire computer. This update may be released as soon as April 7.
Attackers are reportedly exploiting a critical flaw, CVE-2016-1019, which affects Flash Player version 220.127.116.11 on Windows, Mac, Linux and Chrome OS, according to an advisory published on Tuesday.
The flaw is being actively exploited on Windows XP and 7 systems running Flash Player versions 18.104.22.1686 and earlier. Update methods vary depending on your browser (Chrome updates automatically, for example, as do Internet Explorer 10 and 11, whereas Firefox needs a manual touch), but the process is simple and should take only a few minutes.
“A mitigation introduced in Flash Player 22.214.171.124 currently prevents exploitation of this vulnerability, protecting users running Flash Player 126.96.36.199 and later,” Adobe said in the security advisory.
“Adobe recommends users of Adobe Flash Player, who have not already done so, immediately update to the current version of Flash Player via the update mechanism within the product or by visiting the Adobe Flash Player Download Center. If you use multiple browsers, install the update in each browser you have installed on your system,” it added.
Flash Player has long been a favored target for cyberattackers since it runs on hundreds of millions of computers worldwide and vulnerabilities are frequently found.
Flash Player will regularly check for updates on Windows and Mac OS X, but the update still must be installed, which some users may not do in a timely manner.
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Adobe is working with security researchers Kafeine from Emerging Threats and Genwei Jiang from FireEye in order to address the vulnerability as quickly as possible.