Adobe has released an emergency patch for a critical vulnerability in its Flash Player that was actively exploited on Windows 7, 8.1 and 10 systems. The zero-day allowed attackers to take full control over the infected computer and was reported to Adobe by Google.
In order to become infected users only had to visit a hacked or malcious website or view a malicious advertisement. Also opening an Office document with a malcious embedded Flash object could lead to infection. According to Adobe the vulnerability has been actively exploited in targeted attacks against users of Windows 7, Windows 8.1 and Windows 10.
Adobe advices users to upgrade to Flash Player 22.214.171.124 as soon as possible. Google Chrome, Internet Explorer 11 on Windows 8.1 and Windows 10 are automatically updated, just like Microsoft’s Edge browser. Other users can upgrade using Flash Player’s automatic update feature or through Adobe.com.
The last regular update for Adobe Flash was on the 11th of October, then 12 vulnerabilities were fixed, none of them was actively attacked.