Adobe has released a second out of band emergency fix for a zero-day vulnerability in Flash Player leaving users open to attack by hackers.
The patch was released as part of an Adobe threat advisory and addresses a flaw that could be exploited by hackers to crash or hijack systems.
"A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 188.8.131.527 and earlier versions for Windows and Macintosh," read the advisory.
"Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system."
Adobe called for users to install the patch as soon as possible, warning that it has evidence of hackers actively exploiting the flaw.
"We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below," read the advisory.
Adobe released a separate Flash Player patch earlier in January for a bug also being exploited by hackers.
“Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player,” the firm said in a separate advisory.
“These updates address a vulnerability that could be used to circumvent memory randomisation mitigations on the Windows platform.”
Adobe said that the flaw is rated 'important', which it defines as follows: "A vulnerability which, if exploited, would compromise data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer."
The flaw was being exploited by a popular kit called Angler, as noted by a security researcher named Kafeine who reported it in a blog post on Thursday.
This problem affects Adobe Flash Player 184.108.40.2067 and earlier versions, Adobe Flash Player 220.127.116.110 and earlier 13.x versions, and Adobe Flash Player 18.104.22.1689 and earlier versions for Linux.
Adobe has issued a fix and urged those with the following software versions to update as soon as possible:
• Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 22.214.171.1247.
• Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 126.96.36.1992.
• Users of Adobe Flash Player for Linux should update to Adobe Flash Player 188.8.131.528.
• Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 184.108.40.2067.
The warnings come after Oracle issued a whopping 167 security patches for products including Java and Sun systems.
HP and Centrica are the first industry partners to sign up to the government's new Code
New ice grows faster but is also more vulnerable to weather and wind
With a crackdown on cheats is coming in November, PUBG rushes to fix matchmaking problems introduced in Update #22
New material uses carbon dioxide from the air to repair and reinforce itself