This week, Adobe Systems released Adobe Flash Player 126.96.36.199 with security updates for Mac and Windows users, addressing a critical bug that could potentially allow a hacker to gain control of an affected system. These software updates are available for Windows, Macintosh and Linux systems.
“Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP are known targets,” notes Adobe’s security bulletin.
At the time of writing, Intego security researchers have found no samples of this threat on Mac OS X platforms.
Affected software versions include: Adobe Flash Player 188.8.131.52 and earlier versions for Windows and Macintosh, Adobe Flash Player Extended Support Release version 184.108.40.2062 and earlier 13.x versions for Windows and Mac, and Adobe Flash Player 220.127.116.116 and earlier versions for Linux.
Adobe describes the critical flaw these updates address as follows:
These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2015-3113).
Mac and Windows users should update to Adobe Flash Player 18.104.22.168 immediately. Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 22.214.171.1246. Linux users should update to Adobe Flash Player 126.96.36.1998. Google Chrome and Internet Explorer on Windows 8.x will automatically update to Flash Player version 188.8.131.52.