Adobe Flash Player needs to be updated to the latest version. According to Adobe's announcement, malware is actively exploiting the newly discovered security hole in the internet screen door to hijack Windows PCs.
An emergency patch fixes the vulnerability, which is tracked as CVE-2016-7855. The use-after-free programming flaw enables a hacker to achieve remote code execution in the event the user views a specially crafted Flash media file.
Neel Mehta and Billy Leonard from the Google Threat Analysis Group discovered and reported the vulnerability to Adobe. However, the issue was not addressed soon enough: hackers were able to exploit it before the patch was released.
Malware developers are known to be targeting machines running Windows 7 up to the latest versions of Windows 10.
Although the attack has targeted Flash Player on Windows, users on other platforms such as Linux and macOS are strongly advised to update as well to avoid further attacks.
Google Chrome users get the update automatically, and at some point IE 11 and later, including Microsoft Edge, will get the fix directly from Microsoft.
For all other users, the patched version of Flash Player on Windows and OS X/macOS is 23.0.0.205. For Linux, the patched version is 11.2.202.643.
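A fleet check against the patched versions quoted above, as an added example that is not from Adobe or the original article. The host names, platforms and installed versions in the inventory are constructed sample data, and the code assumes that any four-part version at or above the platform's patched release is current.

```python
import csv
import io

# Patched release per platform, as stated in the article.
PATCHED = {
    "windows": (23, 0, 0, 205),
    "macos": (23, 0, 0, 205),
    "linux": (11, 2, 202, 643),   # Linux is on its own 11.2 branch
}

def parse_version(text):
    """Turn '23.0.0.185' into (23, 0, 0, 185); raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, version_text):
    """Return 'patched', 'outdated' or 'unknown' for one inventory row."""
    minimum = PATCHED.get(platform.strip().lower())
    if minimum is None:
        return "unknown"          # platform the article gives no version for
    try:
        installed = parse_version(version_text)
    except ValueError:
        return "unknown"          # unparseable data needs manual follow-up
    # Compare numerically, field by field: as strings, '23.0.0.99' would
    # sort above '23.0.0.205' and be reported as patched.
    return "patched" if installed >= minimum else "outdated"

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """host,platform,flash_version
ws-014,Windows,23.0.0.185
ws-022,Windows,23.0.0.205
ws-031,Windows,23.0.0.99
mac-07,macOS,23.0.0.162
lnx-03,Linux,11.2.202.643
lnx-09,Linux,11.2.202.637
kiosk-1,ChromeOS,23.0.0.205
ws-040,Windows,n/a
"""

def audit(inventory_csv):
    """Map each host in a CSV inventory to its patch status."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["flash_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as `unknown` are the ones to check by hand, since the article gives no patched version for their platform or the recorded version could not be read.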
The security community has argued before that Adobe Flash Player is bug-prone. Some web developers and publishers prefer HTML5 instead.
Mozilla Firefox has placed tighter constraints and restrictions on how Flash files can be run within the browser.