Adobe has released patches for all users running Flash Player 18.104.22.168 and earlier versions, addressing critical flaws in its trouble-plagued platform.
Whether you are running the software on Windows, macOS, Linux or Chrome OS, the Flash Player creators urge you to install the newest version immediately!
“Adobe is aware of a report that an exploit for CVE-2018-5002 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash Player content distributed via email,” the company says in its advisory.
Affected installments of Flash include Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, and Adobe Flash Player for Microsoft Edge and Internet Explorer 11. Exploitation of the flaw can lead to arbitrary code execution, says Adobe.
Users of Flash Player Desktop Runtime must install version 22.214.171.124 via the update mechanism within the product. The procedure applies to all desktop users, regardless of their OS. The next version of Chrome to be released by Google will include Flash Player 126.96.36.199 by default. The same goes for the Flash plugins in Microsoft Edge and Internet Explorer 11 for Windows 10.
The downloadable patches can be found at the Adobe Flash Player Download Center.
*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Filip Truta. Read the original post at: https://hotforsecurity.bitdefender.com/blog/patch-your-flash-player-now-zero-day-actively-exploited-in-the-wild-20003.html