Adobe has issued a fix for critical vulnerability (CVE-2014-8439) found in Adobe Flash Player software, according to Adobe’s APSB14-26 security bulletin. The vulnerability affects all Adobe Flash Player and Adobe AIR versions on Windows, Macintosh and Linux.
“Adobe Flash Player before 126.96.36.1998 and 14.x and 15.x before 188.8.131.52 on Windows and OS X and before 184.108.40.2064 on Linux, Adobe AIR before 220.127.116.113, Adobe AIR SDK before 18.104.22.1682, and Adobe AIR SDK & Compiler before 22.214.171.1242 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors,” the overview from National Vulnerability Database stated.
The ad-hoc security bulletin received a priority rating of 2, which means the “update resolves vulnerabilities in a product that has historically been at elevated risk” and so far there are no exploits in the wild.
Also, the vulnerability is rated as critical, meaning that “if exploited would allow malicious native-code to execute, potentially without a user being aware.”
A lower priority rating has been given to the Linux Flash Player version that has not been targeted by attackers until now.
Adobe Flash Player plug-in updates for Google Chrome and Internet Explorer are automatic. Users are also advised to check if the auto update feature from the desktop Flash Player version is turned on.