Adobe Flash and Adobe Air vulnerabilities, patched and released with Adobe security bulletin APSB14-22, have already been found in the arsenal of Fiesta Exploit Kit and Angler Exploit Kit.
Reported in advisory CVE-2014-0497. the vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code. The attacker could exploit this vulnerability by persuading a user to visit a malicious web page that contains crafted Flash content. If successful, the attacker could execute arbitrary code in the security context of the affected application. If the application is running with elevated privileges, this could result in a complete system compromise.
The security hole has already been patched with the release of Security bulletin ASPB14-22.
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh update to Adobe Flash Player 188.8.131.52 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.
- Users of the Adobe Flash Player Extended Support Release should update to version 184.108.40.206 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
-Users of Adobe Flash Player for Linux update to Adobe Flash Player 220.127.116.111 by visiting the Adobe Flash Player Download Center.
-Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.104.22.168.
-Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 22.214.171.124.
-Users of the Adobe AIR desktop runtime should update to version 126.96.36.1993 by visiting the Adobe AIR Download Center.
-Users of the Adobe AIR SDK should update to version 188.8.131.522 by visiting the Adobe AIR Download Center.
-Users of the Adobe AIR SDK & Compiler should update to version 184.108.40.2062 by visiting the Adobe AIR Download Center.
-Users of the Adobe AIR for Android should update to Adobe AIR 220.127.116.113 by downloading the new version from the Google Play store.