Adobe Flash Player update fixes latest zero-day bug
Adobe began rolling out Flash Player 22.214.171.1245 on Wednesday for users who have auto-update enabled.
The version includes a fix for the recently reported critical zero-day vulnerability – CVE-2015-0313 – that affects Flash Player 126.96.36.1996 and earlier versions for Windows and Macintosh, as well as Flash Player 188.8.131.524 and earlier 13.x versions.
“Adobe expects to have an update available for manual download on 5 February, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11,” according to an update added on Wednesday to the 2 February advisory.
Adobe said on Monday it is aware of reports that the critical bug is being actively exploited, and explained that successful exploitation of the vulnerability could cause a crash and enable an attacker to take complete control of the victim's system.