Adobe has issued an emergency patch for a critical vulnerability in its Flash Player. The issue could in the worst case allow an attacker to take full control over the system. Adobe is unaware of attacks exploiting the vulnerability, but technical details about the issue have been publicly disclosed already.
Because technical details are publicly available, there is high risk that cybercriminals will abuse the vulnerability in upcoming attacks. Therefore, users are advises to update Flash Player as soon as possible, when possible within 72 hours. The advice is for both Windows, Linux and macOS users.
Updating to Flash Player 18.104.22.168 can be easily done through the automatic update feature on Adobe.com. Google Chrome, Internet Explorer 11 (on Windows 8.1 and Windows 10) and Edge users will have their embedded Flash Player automatically updated through the browser. Users can check on this page which version of Flash Player is currently installed on their system.
Attacks where Flash Player vulnerabilities are exploited not only take place through the browser. Cybercriminals also abuse Office documents with embedded Flash objects which are automatically run when a user opens the document. This means that users who have disabled or blocked Flash Player in their browser can still become a victim of a Flash Player based attack. Earlier this year there were several zero-day attacks that used this method.