The good people at Ars Technica bring us word of a major security flaw in the Adobe Flash player that, unless you've updated today, you are almost certainly vulnerable to. The flaw came to light following a weekend hack on the digital security company Hacking Team (ironic, I know), which resulted in a whopping 400GB of data being dumped onto the net.
Details about the exploit, described in Hacking Team documentation as "the most beautiful Flash bug for the last four years," were posted yesterday, as was a confirmation from Symantec that said it "could allow attackers to remotely execute code on a targeted computer." And because knowledge of the exploit is now public, it also predicted that "groups of hackers will rush to incorporate it into exploit kits before a patch is published by Adobe."
Adobe said in a security bulletin that the exploit affects all Flash Player versions up to and including 18.104.22.168, and is "critical," meaning it could "allow malicious native-code to execute, potentially without a user being aware." The bottom line is that, unless you updated Flash today, you'll want to get on it as soon as possible. You can check your Flash version here, or you can just skip all that and grab the latest and greatest at Adobe.com. (And don't forget to uncheck that "optional offer" in the middle, unless you actually want it.)