Adobe has released an emergency update for Flash Player on Windows, Mac and Linux. Current versions have a vulnerability that could potentially allow an attacker to remotely take control of the affected system. According to Adobe, an exploit for the vulnerability (CVE-2014-0497) exists in the wild.
Windows and Mac users of versions 220.127.116.11 and earlier should update to version 18.104.22.168. Users of Flash Player 22.214.171.1245 and earlier versions for Linux should update to version 126.96.36.1996. Adobe has also released a patched version 11.7.700.261 for Windows and Mac.
A Google Chrome update yesterday to version 32.0.1700.107 included the fixed Flash plugin bundled with that product. Microsoft has released an update for Windows 8.0 and 8.1 for the bundled Flash Player plugin in Internet Explorer 10 and 11.
If Flash is bundled with the browser, do Flash bugs become browser bugs?
Users may obtain the newest version of Adobe Flash Player from Adobe at get.adobe.com/flashplayer. Do not trust Flash Player installations or patches from any other source.
The vulnerability was reported to Adobe by Alexander Polyakov and Anton Ivanov of Kaspersky Lab.