Adobe Flash and Adobe Air vulnerabilities, patched and released with Adobe security bulletin APSB14-22, have already been found in the arsenal of Fiesta Exploit Kit and Angler Exploit Kit.
Reported in advisory CVE-2014-0497. the vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code. The attacker could exploit this vulnerability by persuading a user to visit a malicious web page that contains crafted Flash content. If successful, the attacker could execute arbitrary code in the security context of the affected application. If the application is running with elevated privileges, this could result in a complete system compromise.
The security hole has already been patched with the release of Security bulletin ASPB14-22.
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 18.104.22.168 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Users of the Adobe Flash Player Extended Support Release should update to version 22.214.171.124 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
-Users of Adobe Flash Player for Linux update to Adobe Flash Player 126.96.36.1991 by visiting the Adobe Flash Player Download Center.
-Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 188.8.131.52.
-Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 184.108.40.206.
-Users of the Adobe AIR desktop runtime should update to version 220.127.116.113 by visiting the Adobe AIR Download Center.
-Users of the Adobe AIR SDK should update to version 18.104.22.1682 by visiting the Adobe AIR Download Center.
-Users of the Adobe AIR SDK & Compiler should update to version 22.214.171.1242 by visiting the Adobe AIR Download Center.
-Users of the Adobe AIR for Android should update to Adobe AIR 126.96.36.1993 by downloading the new version from the Google Play store.