Adobe Fixes Highly Critical Vulnerability in Flash Player

Adobe has issued a fix for critical vulnerability (CVE-2014-8439) found in Adobe Flash Player software, according to Adobe’s APSB14-26 security bulletin. The vulnerability affects all Adobe Flash Player and Adobe AIR versions on Windows, Macintosh and Linux.

“Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference) via unspecified vectors,” the overview from National Vulnerability Database stated.

The ad-hoc security bulletin received a priority rating of 2, which means the “update resolves vulnerabilities in a product that has historically been at elevated risk” and so far there are no exploits in the wild.

Also, the vulnerability is rated as critical, meaning that “if exploited would allow malicious native-code to execute, potentially without a user being aware.”

A lower priority rating has been given to the Linux Flash Player version that has not been targeted by attackers until now.

Adobe Flash Player plug-in updates for Google Chrome and Internet Explorer are automatic. Users are also advised to check if the auto update feature from the desktop Flash Player version is turned on.