Adobe has issued a fix for critical vulnerability (CVE-2014-8439) found in Adobe Flash Player software, according to Adobe’s APSB14-26 security bulletin. The vulnerability affects all Adobe Flash Player and Adobe AIR versions on Windows, Macintosh and Linux.
“Adobe Flash Player before 220.127.116.118 and 14.x and 15.x before 18.104.22.168 on Windows and OS X and before 22.214.171.1244 on Linux, Adobe AIR before 126.96.36.1993, Adobe AIR SDK before 188.8.131.522, and Adobe AIR SDK & Compiler before 184.108.40.2062 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors,” the overview from National Vulnerability Database stated.
The ad-hoc security bulletin received a priority rating of 2, which means the “update resolves vulnerabilities in a product that has historically been at elevated risk” and so far there are no exploits in the wild.
Also, the vulnerability is rated as critical, meaning that “if exploited would allow malicious native-code to execute, potentially without a user being aware.”
A lower priority rating has been given to the Linux Flash Player version that has not been targeted by attackers until now.
Adobe Flash Player plug-in updates for Google Chrome and Internet Explorer are automatic. Users are also advised to check if the auto update feature from the desktop Flash Player version is turned on.