Adobe has patched a serious security vulnerability in Flash, which the company said hackers are actively exploiting.
The company said in an advisory Tuesday that the previously undisclosed zero-day flaw affects Windows, Macs, Linux and Chrome operating systems. A successful exploitation “could cause a crash and potentially allow an attacker to take control of the affected system,” the advisory read.
The patch, released Thursday, resolves a series of type confusion vulnerabilities that could lead to an attacker running malware on an affected device.
FireEye senior research engineer Genwei Jiang was credited with discovering the vulnerability and privately reporting the bug to Adobe.
Almost two dozen other vulnerabilities were patched as part of the update.
The company recommended that users update immediately.
The vulnerability is the latest issue with Flash, the web plugin that has for years drawn ire from the security community for its litany of bugs and issues.
Its reputation was sunk further after Italian surveillance firm Hacking Group found a series of flaws that it used to conduct hacking and intelligence-gathering operations. The company was itself hacked last year, leading to the leaking of the zero-day exploits.
Given the hostility towards the plug-in, Adobe last year said it would rebrand Flash as it pivots towards HTML5, a more secure and less memory-consuming standard.