Adobe has issued a fix for critical vulnerability (CVE-2014-8439) found in Adobe Flash Player software, according to Adobe’s APSB14-26 security bulletin. The vulnerability affects all Adobe Flash Player and Adobe AIR versions on Windows, Macintosh and Linux.
“Adobe Flash Player before 22.214.171.1248 and 14.x and 15.x before 126.96.36.199 on Windows and OS X and before 188.8.131.524 on Linux, Adobe AIR before 184.108.40.2063, Adobe AIR SDK before 220.127.116.112, and Adobe AIR SDK & Compiler before 18.104.22.1682 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors,” the overview from National Vulnerability Database stated.
The ad-hoc security bulletin received a priority rating of 2, which means the “update resolves vulnerabilities in a product that has historically been at elevated risk” and so far there are no exploits in the wild.
Also, the vulnerability is rated as critical, meaning that “if exploited would allow malicious native-code to execute, potentially without a user being aware.”
A lower priority rating has been given to the Linux Flash Player version that has not been targeted by attackers until now.
Adobe Flash Player plug-in updates for Google Chrome and Internet Explorer are automatic. Users are also advised to check if the auto update feature from the desktop Flash Player version is turned on.