Adobe fixes critical Flash flaw

adobe-flash-patch-170As happens every so often we have a critical fix being released on a day other than Patch Tuesday.

Adobe released an emergency update for its Flash Player plugin for Windows, OS X and Linux to fix a zero-day vulnerability.

The fix addresses CVE-2014-0497 a integer underflow vulnerability that can be used to achieve remote code execution.

Adobe reports that the vulnerability has been in use in the wild, meaning attackers are already aware of the flaw and actively exploiting it.

Adobe emphasizes that both Windows and OS X users should consider it priority 1, while Linux users can treat it as priority 3.

This suggests the attacks they have seen may be targeting both Mac and Windows users.

Flash Player is embedded into Google Chrome and Microsoft Internet Explorer 11 on Windows 8 and 8.1, so you will need to check for Chrome updates or Windows Updates for these browsers.

If you are a Linux user Flash is usually distributed by your distribution’s package manager where you normally receive updates.

Others can get the latest Flash versions from Adobe at

The patched versions for Windows and Mac are and 11.7.700.261. Linux users should update to

Note: Apple has released a plugin blocker update for OS X blocking the use of Flash Player releases previous to