Adobe has released a patch for a previously unknown Flash vulnerability that surfaced earlier this week as part of a massive 400GB data dump that hit the web following the hack of the Hacking Team.
The vulnerability, labeled CVE-2015-5119, affects Adobe Flash Player versions 18.104.22.168 and earlier on Windows, Mac and Linux. The company says a successful exploitation could crash a system and potentially allow an attacker to gain control of a machine.
Flash vulnerabilities aren’t anything new but what makes this particular instance so concerning is that it’s already being used in the wild. Malwarebytes said it first noticed it being used around 3pm yesterday and that it is one of the fastest documented cases of an “immediate weaponization” in the wild. That's likely because there were detailed instructions on its usage in the Hacking Team file dump.
To check the version of Flash running on your system, you can visit the About Flash Player page or right-click on content running in Flash and select “About Adobe Flash Player.” Those running multiple browsers will of course need to check each one.
You can grab the latest version of Adobe Flash Player for Windows by clicking here. If you need the Mac version, I can be downloaded here while the Linux variant can be found here. It’s advised that you patch up ASAP or even uninstall Flash completely.