Flash to get update for zero-day bug

Share this article:

UPDATE: The patches are now live

Adobe on Wednesday plans to release an update to its Flash Player to patch a number of vulnerabilities, including one that is being actively exploited.

The update to Flash 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris is expected to include several fixes.

But the primary reason for the emergency update is to resolve a flaw, rated "important," that is being leveraged in ongoing, targeted attacks in which adversaries are attempting to trick users into clicking on a malicious link contained in an email, according to Adobe. A successful exploit could lead to a cross-site scripting attack by which criminals could take website actions on the victim's behalf.

Wednesday's planned release, which also will bring Flash 10.3.186.6 for Android up to date, includes fixes for a number of other vulnerabilities – these rated "critical" – but none are being actively used in attacks. However, a successful exploit could result in a full system takeover.

The updates are due in the early evening EST. Google, meanwhile, already has fixed the issue in the latest version of Chrome.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

EU conducts massive cyberattack simulation on critical networks

Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.