Adobe may have deprecated Flash in favor of HTML5, but that doesn't mean everyone has stopped using it nor have hackers stopped looking for vulnerabilities.
Adobe released a new critical security on Thursday which fixes a zero-day flaw in Adobe Flash Player. According to the release notes, the vulnerability, could be exploited to "cause a crash and potentially allow an attacker to take control of the affected system".
Adobe says that the exploit is in use by hackers, and they're not kidding. Apparently the vulnerability was identified by a researcher who found it in a malware toolkit last week:
The Angler exploit kit is one of the most popular crimeware kit and according to the French security researcher Kafeine it was enriched with a fresh Adobe Flashzero-day vulnerability. Kafeine has discovered a new variant of the Angler exploit kit that exploit three different vulnerabilities in Flash Player, including the zero-day flaw for the latest version of Flash (version 220.127.116.117) in several versions of Internet Explorer running on Windows 7 and Windows 8.
The security hole affects computers running Linux, OSX, and Windows, although the researchers have only identified the exploit being used against computers running Windows XP, 7, and 8. But since it's already being actively exploited you're definitely going to want update Flash Player.
If you have automatic updates enabled then Adobe will be rolling the update out to you. But just to be safe, you should probably check with Adobe and see if you have the latest version of Flash Player for your system.
According to this page, I'm good. Are you?
You can download the update here.
image by smswigart