Adobe Systems has released a patch for their Adobe Flash product after finding that the current software is vulnerable to an attack that was implemented earlier this month. The attacks were discovered by security researchers from Kaspersky Lab. The exploit was launched from a website setup by the Syrian Ministry of Justice to receive complaints about law violations. There is no evidence as to who is behind the attack as of yet, however the site has been compromised in the past by hackers.
You can read more on the exploit in a blog post from Kaspersky Lab. There are two exploits that leverage the same previously unknown flaw in Adobe Flash, however only one of them affects systems with any version of flash, the other requires Adobe Flash 10 Active X and the Cisco MeetingPlace Express Add-In to be installed on the system.
While this exploit has been unknown to hackers, that is all going to change now that it has been brought to light. Therefore this is a high risk security risk that should be resolved as quickly as possible. The best way is to update your version of flash right away. Adobe fixed the issue on Monday with the release of Flash Player 220.127.116.11 for Windows and Mac, and Flash Player 18.104.22.1686 for Linux. The flash player that comes bundled with Internet Explorer 10 on Windows 8 and Internet Explorer 11 on Windows 8.1 will be updated with an Internet Explorer update.
The thing to remember is much of the software used today is very complicated with thousands to millions of lines of code. Bugs, and security flaws are bound to be found over time. These companies will do their best to resolve these problems as quickly as possible and provide software updates. Therefore it is important to always keep you software up to date to help mitigate these issues before they come up. Make it a practice of keeping your system up to date at all times, and you should keep your risk factor to a minimum.