Adobe has released an update for its Flash Player that patches 23 vulnerabilities. One of the vulnerabilities is actively exploited and used to infect computers with malware. This is a so-called zero-day leak which means it's a vulnerability that's abused while there is no patch available for it yet. The exploit for zero-day leak is used in, according to Adobe, 'limited and targeted' attacks.
The zero-day leak was reported by Russian antivirus company Kaspersky Lab while other vulnerabilities were reported by employees of many large tech companies including Google, HP, Tencent, Alibaba and Microsoft. All of the 18 vulnerabilities allowed an attacker to execute random code on a computer which also makes it possible to infect a system with malware. To become infected, an user only has to visit a hacked or malicious website or view an infected advertisement.
Adobe advises users to update as soon as possible, the latest version of Flash Player is 21.0.0.182. Most browsers have an embedded Flash Player which means updating the browser is sufficient. Adobe also has a page where you can see if you have the latest Flash Player installed.
