14 DAY TRIAL // Microsoft has warned that exploits for a known Adobe Flash vulnerability have been spotted in the wild and could affect users running Flash Player versions 12.0.0.43 and earlier.
According to an advisory rolled out this morning, the exploits are based on a malicious .swf file that can be hosted on a web server in order to be loaded when the user visits the website. “When the .swf is loaded, the vulnerability is triggered,” Microsoft warned.
“Version 12.x (12.0.0.43 and earlier) is known to contain the vulnerability used by the attack, but it also carries a mitigation that prevents building the ROP gadget from the Flash Player DLL. The sample we analyzed does not support version 12.x for this reason,” the company warned.
“If you're using Flash Player version 12.0.0.43 or earlier, you need to update your Flash Player now to be protected against these attacks.”
Of course, all users are highly recommended to download and install the latest Flash Player version, just to make sure that you’re on the safe side and no effective exploits are being developed.