Adobe has confirmed through a security bulletin posted on its website that it’s aware of a “critical vulnerability” with some versions of the Flash Player, the vulnerability affects Windows, Mac and Linux users alike and can likely cause systems to crash as well as allow attackers to remotely “take control of the affected system.” Affected versions include 18.104.22.168 and earlier.
As per Adobe’s own Severity Rating System an exploit marked critical “would allow malicious native-code to execute, potentially without a user being aware,” so this is certainly not to be taken lightly.
Adobe has labeled the exploit CVE-2015-7645 and explains that it’s being used in limited targeted attacks, so the threat is very real. The company doesn’t have a permanent fix as yet so the only remedy that’s really available to anyone who might have Adobe Flash Player installed on their machine is to remove it for the time being.
The company does say that it’s currently working on the fix for this security vulnerability and promises that the fix will be included in the next version of Adobe Flash Player that’s due to be released on Monday, October 19th.
This exploit doesn’t do much for the argument in favor of keeping Flash alive, many in the tech community are calling on Adobe to stop developing Flash player, but it doesn’t look like the company is going to pay any attention to those calls just yet.