Adobe to patch critical Flash Player vulnerability
A critical vulnerability in Adobe Flash Player 22.214.171.124 and earlier is already being exploited, according to an Adobe advisory.
Adobe is expected to release a security update as early as April 7 to fix a critical vulnerability (CVE-2016-1019) in Adobe Flash Player 126.96.36.199 and earlier that “could cause a crash and potentially allow an attacker to take control of an affected system.”
In a Tuesday security advisory, the company said it “is aware” of the vulnerability, which affects Windows, Macintosh, Linux, and Chrome OS versions, “being actively exploited on systems running Windows 7 and Windows XP with Flash Player version 188.8.131.526 and earlier.” Adobe urged users to update to a current version of Flash Player, which includes a mitigation, introduced in the March 10 Flash Player 184.108.40.206 update, that will prevent attackers from exploiting the vulnerability.
Adobe credited researcher Kafeine (EmergingThreats/Proofpoint) as well as Genwei Jiang of FireEye, Inc. and Google's Clement Lecigne for reporting the vulnerability.