Adobe on Saturday released a critical update to its Flash player software, patching a vulnerability that could allow attackers to take control of a Mac or PC. The flaw is reportedly already being exploited out in the wild by the bad guys.
Flash versions up to and including 16.0.0.287 on OS X and Windows and 11.2.202.438 on Linux are susceptible to the attack, the cause of which has yet to be detailed.
If you have Adobe’s automatic update feature turned on in OS X, you should begin receiving the update to version 16.0.0.296 immediately. The company says a standalone patch will be released this week. Adobe is working with Google to update the version of Flash embedded in the Chrome web browser.
Adobe has assigned the number CVE-2015-0311 to the vulnerability, and has defined it as “critical,” meaning a “vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”
You can check the version of Flash installed on your system by visiting Adobe’s About Flash Player page or right-clicking on Flash content in your browser and selecting “About Adobe Flash Player” from the pop-up menu. Instructions for enabling automatic updates or manually updating Flash can be found here.