Adobe has released an out-of-band emergency update to its Flash Player to patch a critical vulnerability (CVE-2014-0497) which, if unpatched, could allow attackers to execute arbitrary code remotely on a victim system and gain full control.
The patch has been released for Flash Player version 18.104.22.168 and earlier for Windows and Mac OS and version 22.214.171.1245 and earlier for Linux. Adobe has acknowledged that the vulnerability is being exploited in the wild.
Users who are not running the latest version of Chrome or Internet Explorer are advised to apply the update immediately to reduce the risk of a system compromise.
“Adobe is aware of reports that an exploit for this vulnerability exists in the wild and recommends users update their product installations to the latest versions,” notes Adobe in its advisory.
The vulnerability has been categorised as critical on Windows and Mac systems with a rating of 1, while the same vulnerability has been assigned a lower priority rating of 3 on Linux.