Adobe urges users to upgrade Flash Player
Adobe Systems Inc. is urging users of its Flash Player 126.96.36.199 and earlier versions for Windows and Macintosh, as well as Adobe Flash Player 188.8.131.525 and earlier versions for Linux, to upgrade following a security advisory.
The update addresses CVE-2014-0497, a ‘critical vulnerability’ that stems from an ‘integer underflow bug’ in the underlying code of current versions and could potentially allow hackers to remotely take complete control of the system hosting Flash Player.
The company has rated the threat as "critical," its highest severity category.
Adobe did not include many details in its advisory about the zero-day threat that prompted the warning, other than to credit Alexander Polyakov and Anton Ivanov of antivirus provider Kaspersky Lab for reporting the vulnerability.
Vyacheslav Zakorzhevsky, head of the vulnerability research group at Kaspersky Lab, said it is a password-grabbing Trojan that targets the email and social media accounts of users and organizations in China.
This is just the latest in security breaches for the software maker.
Last October, Adobe was forced to announce that hackers had accessed and removed personal data, including encrypted credit- and debit-card numbers, for nearly 3 million of its customers, and that hackers had also removed the source code for a number of its products.
"Adobe does seem to have an unfortunate history of people finding security flaws with Flash that require updates," independent security consultant Alan Woodward told the BBC.
"What Adobe seem to have done in this case is put out a warning, but it has not given as much information as other firms would normally do when issuing such a security advisory.
"That might be them trying to avoid giving the hackers too much information whilst still telling people there is a problem."
Users may obtain the newest versions of Adobe Flash Player from Adobe at get.adobe.com/flashplayer.