Adobe Issues Fix for Latest Critical Flash Player Vulnerability

Adobe has rolled out a security update to patch the critical zero-day security flaw in Adobe Flash player. The out-of-the-band update was released just days after Adobe released its scheduled monthly update last week. Notably, after reports of the vulnerability last week, Apple had said it would roll out a fix next week. With the fix released on Friday itself however, Adobe has evidently fast-tracked the development.

The patch updates Flash for Windows and OS X to version dubbed 19.0.0.226 and its Linux counterpart to version dubbed 11.2.202.540. Adobe credited Trend Micro researcher Peter Pi, and Google's Project Zero, for discovering the vulnerability. If you're using Google Chrome or Microsoft Edge, your browser will automatically receive and install the update.

Last week, security researchers reported a critical vulnerability in Flash Player that affected every version of the media player across many desktop operating systems. As per the researchers, the flaw in Flash Player allowed an attacker to take over the victim's computer. Adobe claimed that only "limited, targeted attacks" happened in the aftermath of the said vulnerability though the vulnerability could "if exploited would allow malicious native-code to execute, potentially without a user being aware."

Researchers noted that the flaw had been exploited in the wild for quite some time by cyberspying group Pawn Storm. The group has previously attacked governments in Asia, the White House and other notable organisations and places

Once the de facto tool for playing media content on Web browsers, Flash Player has been severely criticised for its lack of security sophistication in the recent years. As Web browsers adopt different technologies - HTML5 being one - to replace Flash, the Adobe's tool seems to be on its way to extinction.