Adobe to patch critical Flash Player vulnerability

A critical vulnerability in Adobe Flash Player 21.0.0.197 and earlier is already being exploited, according to an Adobe advisory.
Adobe is expected to release a security update as early as April 7 to fix a critical vulnerability (CVE-2016-1019) in Adobe Flash Player 21.0.0.197 and earlier that “could cause a crash and potentially allow an attacker to take control of an affected system.”

In a Tuesday security advisory, the company said it “is aware” of the vulnerability, which affects Windows, Macintosh, Linux, and Chrome OS versions, “being actively exploited on systems running Windows 7 and Windows XP with Flash Player version 20.0.0.306 and earlier.” Adobe urged users to update to a current version of Flash Player, which includes a mitigation, introduced in the March 10 Flash Player 21.0.0.182 update, that will prevent attackers from exploiting the vulnerability.

Adobe credited researcher Kafeine (EmergingThreats/Proofpoint) as well as Genwei Jiang of FireEye, Inc. and Google's Clement Lecigne for reporting the vulnerability.
