Adobe released an emergency update for its Flash Player plugin for Windows, OS X and Linux to fix a zero-day vulnerability.
The fix addresses CVE-2014-0497 a integer underflow vulnerability that can be used to achieve remote code execution.
Adobe reports that the vulnerability has been in use in the wild, meaning attackers are already aware of the flaw and actively exploiting it.
Adobe emphasizes that both Windows and OS X users should consider it priority 1, while Linux users can treat it as priority 3.
This suggests the attacks they have seen may be targeting both Mac and Windows users.
Flash Player is embedded into Google Chrome and Microsoft Internet Explorer 11 on Windows 8 and 8.1, so you will need to check for Chrome updates or Windows Updates for these browsers.
If you are a Linux user Flash is usually distributed by your distribution’s package manager where you normally receive updates.
Others can get the latest Flash versions from Adobe at http://get.adobe.com/flashplayer.
The patched versions for Windows and Mac are 18.104.22.168 and 11.7.700.261. Linux users should update to 22.214.171.1246.
Note: Apple has released a plugin blocker update for OS X blocking the use of Flash Player releases previous to 126.96.36.199.Follow @chetwisniewski