Flash update squashes active exploit
Adobe's latest update addresses a critical flaw that could allow an attacker to run arbitrary code.
Check the version of Adobe Flash you have installed on your system, and if it's less than version 184.108.40.206, be sure to download the latest update that Adobe has made available today (you can do this using Adobe's Flash version checker). This update addresses a vulnerability in the program that is currently being exploited by malware developers to compromise systems.
Described as an "object confusion vulnerability," Adobe claims that the exploit allows an attacker to crash the Flash application and execute code that could potentially allow the attacker to take control of the system. In object-based programming languages, associated functions and variables in a running program are packaged together in what is referred to as an object, whose properties are defined as a "class."
In an object-confusion vulnerability, the object's class is changed so any objects defined by it are incorrectly interpreted and return incorrect values when run. These values can be pointers that direct the program to execute arbitrary code stored in other sections of memory by the attacker, and thereby run the attacker's malware.
Currently this vulnerability is being exploited for people using Internet Explorer on Windows systems, but the vulnerability is not exclusive to Windows and could potentially be used to attack Mac and Linux users as well. Therefore, be sure to update your system to close this vulnerability and prevent any attacks, especially on any Windows machine, be it on a native Windows PC, or on an Apple system running Windows in Boot Camp or in a virtual machine.
Flash Player is included in Google Chrome and has already been updated for those who have it installed, but if you use alternate browsers (even in conjunction with Chrome), then be sure to install this latest update.
The Flash update can be downloaded from Adobe at its Adobe Flash Player Web site. Adobe offers the update through its automatic update notifications for those who have Flash installed, but to avoid any confusion with potential malware (many of which use fake Flash offerings as a vehicle for distribution), you might consider getting this update only from the Flash Web site itself.