Ars Technica is reporting a major security flaw in the Adobe Flash player which nearly every Internet user is vulnerable to, unless you updated today. The flaw was revealed following a weekend hack on the digital security company Hacking Team where a large amount of internal documentation was made public.
Details about the exploit, described in documentation by Hacking Team as “the most beautiful Flash bug for the last four years,” were posted yesterday, as was a confirmation from Symantec that said it “could allow attackers to remotely execute code on a targeted computer.” Since the exploit is now public, it’s predicted that “groups of hackers will rush to incorporate it into exploit kits before a patch is published by Adobe.”
Adobe said in a security bulletin the exploit affects all versions of Flash Player up to and including 22.214.171.124, and is “critical,” meaning it could “allow malicious native-code to execute, potentially without a user being aware.”
You can check your Flash version here, then install the lastest version from Adobe. Be mindful of the “optional offer” offered by Adobe when downloading Flash Player, you can uncheck the box to not have it downloaded. Google Chrome’s built-in Flash Player was updated today, just follow these steps to update Chrome.