Adobe has released a patch for a serious Flash vulnerability that is being used in targeted attacks right now. The updates fix the vulnerability in Windows, Mac, Linux and Android systems.
There is an exploit in the wild that is targeting systems running vulnerable versions of Flash on Windows in Internet Explorer. Adobe is recommending that users update their systems to the new versions as soon as they can.
“These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only,” Adobe said in its advisory.
Flash is one the preferred targets for attackers these days, thanks to its presence on hundreds of millions of machines around the world. With an exploit already circulating for IE on Windows, it may not be long before exploits for Flash on other platforms surface, as well. The time to patch is now.