Adobe has released an out of the blue security bulletin stating a bug in Adobe Flash is being exploited by hackers and could potentially allow attackers to take over computers. The attack vector is malicious Microsoft Word documents that exploit the ActiveX version of Flash Player in Internet Explorer on Windows. According to Adobe, this vulnerability “could cause the application to crash and potentially allow an attacker to take control of the affected system”.
Adobe was notified about this security exploit by two unnamed researchers and Adobe has since then issued a patch to plug this bug. While the exploit appears to be on Windows only, the Flash update is being issued cross-platform to Windows, Linux, and Mac OS X. Anyone that wants to stay safe from this bug should immediately update their Flash Player to v11.3.300.271. Updates will be pushed by Adobe via the automatic updating feature in Flash Player or by users can manually update by downloading the latest version of Flash Player from Adobe’s website.
Although the Adobe Flash bug isn’t Microsoft’s fault despite Word being the delivery vehicle, Microsoft itself issued updates on Patch Tuesday that addressed 26 vulnerabilities, some of them being in Microsoft Office. No wonder Apple users like to laugh at us.