The company, which was part of a massive customer data breach last year, released the emergency update overnight in a bid to patch an exploit that has been used in attacks against users since earlier this month. Adobe said in an advisory posted on its security website that the vulnerability could allow attackers to gain control of affected computer systems.
Researchers from Kaspersky Lab discovered the attacks, which, according to them, were launched from a website set up by the Syrian Ministry of Justice to receive complaints about law violations.
"We received a sample of the first exploit on April 14, while a sample of the second came on April 16," Vyacheslav Zakorzhevsky, manager of the vulnerability research group at Kaspersky Lab, said in a blog post.
"The first exploit was initially recorded by KSN [the Kaspersky Security Network] on April 9, when it was detected by a general heuristic signature."
The exploits, according to Kaspersky, have been used in 'watering hole' espionage attacks - a technique that uses legitimate websites specific to a geographic area which the attackers believe will be visited by end users who belong to the organization they wish to penetrate.
The exploits so far appear to target Microsoft Windows users, but updates also are available for Mac and Linux versions of Flash.
The Flash update brings the media player to v. 220.127.116.11 on Windows and Mac systems, and v. 18.104.22.1686 for Linux users. To see which version of Flash you have installed, visit this link.
Users of both Internet Explorer 10/11 and Google's Chrome browser should auto-update their versions of Flash. Meanwhile, if your version of Flash on Chrome (on either Windows, Mac or Linux) is not yet updated, you may just need to close and restart the browser.
Adobe recommends that users update their product installations to the latest versions:
- Users of Adobe Flash Player 22.214.171.124 and earlier versions for Windows should update to Adobe Flash Player 126.96.36.199.
- Users of Adobe Flash Player 188.8.131.52 and earlier versions for Macintosh should update to Adobe Flash Player 184.108.40.206.
- Users of Adobe Flash Player 220.127.116.110 and earlier versions for Linux should update to Adobe Flash Player 18.104.22.1686.
- Adobe Flash Player 22.214.171.124 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 126.96.36.199 for Windows, Macintosh and Linux.
- Adobe Flash Player 188.8.131.52 installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 184.108.40.206 for Windows 8.0.
- Adobe Flash Player 220.127.116.11 installed with Internet Explorer 11 will automatically be updated to the latest Internet Explorer 11 version, which will include Adobe Flash Player 18.104.22.168 for Windows 8.1.
So, unless you’re using the latest versions of Chrome or Internet Explorer, you’ll want to manually update Adobe Flash immediately. You can get the latest version now directly from the Adobe Download Center.