Adobe is advising users and administrators to patch its Flash Player after yet another remote-code execution vulnerability was discovered in the plugin.
The patch fixes bug CVE-2015-3113, which allows attackers to take control of a system if it opens a malicious Flash file. Miscreants are exploiting the flaw in the wild to hijack PCs, targeting Internet Explorer on Windows 7 and Firefox on Windows XP.
Adobe credited researchers at FireEye in spotting and reporting the flaw. Miscreants are apparently spamming out links in emails to websites hosting malicious Flash files that exploit the vulnerability.
For Windows and OS X, the updated version will be Flash Player 220.127.116.11. On Linux the Patch version is 18.104.22.1688, and for Flash Player Extended Support, the latest is 22.214.171.1246. The patch is being considered a top priority install on both Windows and OS X, with Linux at a lower risk.
Users of Chrome, and Windows 8 users running Internet Explorer, will automatically receive the updated version. For those on other browsers, Adobe recommends installing the patch as soon as possible.
Security researchers have an alternative solution to offer users: dump Flash.
"In lieu of patching Flash Player yet again, it might be worth considering whether you really need to keep Flash Player installed at all," wrote security journalist Brian Krebs.
Those who wish to stick with Flash Player can get the patched versions from Adobe's download page. ®