Adobe has released a second out of band emergency fix for a zero-day vulnerability in Flash Player leaving users open to attack by hackers.
The patch was released as part of an Adobe threat advisory and addresses a flaw that could be exploited by hackers to crash or hijack systems.
"A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 188.8.131.527 and earlier versions for Windows and Macintosh," read the advisory.
"Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system."
Adobe called for users to install the patch as soon as possible, warning that it has evidence of hackers actively exploiting the flaw.
"We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below," read the advisory.
Adobe released a separate Flash Player patch earlier in January for a bug also being exploited by hackers.
“Adobe is aware of reports that an exploit for CVE-2015-0310 exists in the wild, which is being used in attacks against older versions of Flash Player,” the firm said in a separate advisory.
“These updates address a vulnerability that could be used to circumvent memory randomisation mitigations on the Windows platform.”
Adobe said that the flaw is rated 'important', which it defines as follows: "A vulnerability which, if exploited, would compromise data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer."
The flaw was being exploited by a popular kit called Angler, as noted by a security researcher named Kafeine who reported it in a blog post on Thursday.
This problem affects Adobe Flash Player 184.108.40.2067 and earlier versions, Adobe Flash Player 220.127.116.110 and earlier 13.x versions, and Adobe Flash Player 18.104.22.1689 and earlier versions for Linux.
Adobe has issued a fix and urged those with the following software versions to update as soon as possible:
• Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 22.214.171.1247.
• Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 126.96.36.1992.
• Users of Adobe Flash Player for Linux should update to Adobe Flash Player 188.8.131.528.
• Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 184.108.40.2067.
The warnings come after Oracle issued a whopping 167 security patches for products including Java and Sun systems.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago