Adobe issued a critical patch for a Zero Day exploit for Adobe Flash in addition to 24 other vulnerabilities.
The Zero Day was already seeing action by the bad guys targeting users. Adobe said all the versions including the latest version 18.104.22.168 on Windows, Macintosh, Linux and ChromeOS suffer from the exploit.
Adobe Patches Flaw in Flash Library
Adobe Fixes Flash Zero Day
Flash Zero Day Coming Soon
Adobe Patches Security Issues
The exploit only seems to attack Microsoft Office, Windows and Flash users with the help of some form of phishing file or a link. The only way the exploit can run for so long is it keeps on changing the exploit using Dynamic DNS domain.
Genwei Jiang, a senior security engineer from FireEye said the attackers could disseminate their exploit via URL or email attachment.
Jiang said those that need to use Flash on their system need to patch against this exploit along with patches for other vulnerabilities and should use Enhanced Mitigation Experience Toolkit (EMET) from Microsoft to counter the vulnerabilities in Flash.
The machines which are most at risk are the versions previous to Windows 10 which includes EMET in the operating system and the users running the previous versions must keep Flash updated.