Macromedia has admitted to a “critical” security flaw in its Flash Player software, which could allow attackers to run arbitrary code on a user’s PC.
Flash is one of the most widely used pieces of software among PC users, so the impact of the flaw is potentially huge.
The flaw is known to affect users of Microsoft’s Internet Explorer browser, who make up over 85% of internet users, and the small number of users who have the Opera browser. Users of other browsers could also be affected, though.
The company has urged users to upgrade their Flash software to version 220.127.116.11 which contains a fix to the problem.
Users who have already upgraded to Flash Player 8 are not affected by the problem, said the firm.
Macromedia said there is a problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, which leaves users open to the possibility that a third party could inject unauthorised code onto their machines that would then be executed by Flash Player.
Internet security companies eEye Digital Security and Sec Consult reported the problem to Macromedia.