Adobe to Issue Patch for “Critical” Flash Player Vulnerability

Adobe has announced its plans to release a patch for a “critical” Flash Player vulnerability that is currently being exploited in the wild.

In a security advisory, the transnational computer software company explains that the vulnerability (CVE-2016-1019) exists in all current versions of Flash Player for Windows, Macintosh, Linux, and Chrome OS.

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe warns.

At this time, Adobe is aware of reports indicating that attackers are actively exploiting CVE-2016-1019 in the wild, particularly on machines running Windows 7 and Windows XP with Flash Player versions 20.0.0.306 and earlier.

The advisory recommends that users update to 21.0.0.197, the latest version of Adobe Flash Player. The vulnerability still exists in that version, but Adobe notes that a mitigation introduced in version 21.0.0.182 currently protects users against exploitation of the vulnerability.

To verify the version of Flash installed on a system, users are urged to visit Adobe’s about page or right-click on Flash-based content and select “About Adobe (or Macromedia) Flash Player.” This check should be performed on any and all browsers that are used on a regular basis.

If any browser is found to be running a version earlier than 21.0.0.182, users should update to the newest version of Adobe Flash Player immediately.

In the meantime, Adobe intends to release an emergency security update that addresses this vulnerability, whose discovery is credited to Kafeine (EmergingThreats/Proofpoint) and Genwei Jiang (FireEye, Inc.), as well as Clement Lecigne of Google, as early as April 7th.

News of this vulnerability comes on the heels of Adobe’s decision to rebrand Flash Professional as Adobe Animate CC. Although some industry voices have argued this move could spell the end for Flash Player, Adobe has reiterated its plans to work with Microsoft, Google, Facebook, and other partners in an effort to improve the security and compatibility of Flash content

Via: tripwire


Save pagePDF pageEmail pagePrint page

Leave a Reply

Your email address will not be published. Required fields are marked *