Adobe has released a "critical update" for its Adobe Flash Player software on both Mac and Windows, addressing a zero-day vulnerability that gives complete control over compromised systems to hackers.
The vulnerability affects all Macs with Adobe Flash Player version 18.104.22.168 and earlier and all users are urged to update immediately. Adobe has a site where users can check what version of Flash they have installed. The latest version of Flash can be downloaded from Adobe's website.
Adobe has released security updates for Adobe Flash Player 22.214.171.124 and earlier versions for Windows and Macintosh and Adobe Flash Player 126.96.36.1995 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system. Adobe is aware of reports that an exploit for this vulnerability exists in the wild, and recommends users update their product installations to the latest versions.
These updates resolve an integer underflow vulnerability that could be exploited to execute arbitrary code on the affected system.
Adobe thanked Alexander Polyakov and Anton Ivanov of Kaspersky Labs for discovering the vulnerability, but the company did not specify precisely how it works.