A Flash vulnerability that's being exploited by hackers to gain control of victims' machines is the target of a security update released yesterday by Adobe.
"There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an e-mail message," Adobe said in a security bulletin.
"The exploit targets Flash Player on Internet Explorer for Windows only," Adobe said, but the company urged Mac, Linux, and Android users to update their versions of Flash as well. The company provided a link to help people determine which version of Flash they're running, and it listed which versions are vulnerable:
Adobe recommends users of Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 126.96.36.199. Flash Player installed with Google Chrome was updated automatically, so no user action is required. Users of Adobe Flash Player 188.8.131.52 and earlier versions on Android 4.x devices should update to Adobe Flash Player 184.108.40.206. Users of Adobe Flash Player 220.127.116.11 and earlier versions for Android 3.x and earlier versions should update to Flash Player 18.104.22.168.
Android users can verify the version of Flash they're running as follows: go to Settings/Applications/Manage Applications/Adobe Flash Player x.x.
For detailed information, including information on downloading a new version of Flash, see the security bulletin.