Adobe issues emergency Flash Player fix

  • Published
Flash logoImage source, Adobe
Image caption,

Flash is a commonly used browser plug-in

Adobe has released an emergency software patch for Flash after it found a serious vulnerability being exploited by hackers.

The company said it had evidence of "limited, targeted attacks" and urged people to update their software immediately.

Flash is widely used across the web as a way of providing multimedia content.

This vulnerability - which enables hackers to take control of a computer - affects Windows, Mac and Linux systems.

Users can check if their installation of Flash is up to date by visiting the Adobe website, external - the current latest version is 18.0.0.194.

People who browse the internet with the latest versions of Google's Chrome browser and Microsoft's Internet Explorer should find that Flash is upgraded automatically.

Holes

Adobe's Flash software has a long history of needing security fixes and is regarded by some security researchers as a weak point in many websites.

Along with Java, Flash is routinely targeted by hackers making use of zero-day exploits - the term given to previously unknown security holes.

This was partly because of its ubiquity, said Mark James, a security specialist from ESET.

"Since Flash is such a widely used plug-in, it stands to reason that it will be one of the most targeted apps for vulnerability," he said.

"If you want to affect as many people as possible, then you need an application that a lot of users use, and Flash is one of them."

Security blogger Brian Krebs recently disabled Flash on his machine entirely, as an experiment, external.

On his blog, he wrote: "It might be worth considering whether you really need to keep Flash Player installed at all."