Vulnerability Management

Adobe to patch critical Flash Player vulnerability

Adobe is expected to release a security update as early as April 7 to fix a critical vulnerability (CVE-2016-1019) in Adobe Flash Player and earlier that “could cause a crash and potentially allow an attacker to take control of an affected system.”

In a Tuesday security advisory, the company said it “is aware” of the vulnerability, which affects Windows, Macintosh, Linux, and Chrome OS versions, “being actively exploited on systems running Windows 7 and Windows XP with Flash Player version and earlier.”  Adobe urged users to update to a current version of Flash Player that includes a mitigation introduced in the March 10 Flash Player update that will prevent attackers from exploiting the vulnerability.

Adobe credited researcher Kafeine (EmergingThreats/Proofpoint) as well as Genwei Jiang of FireEye, Inc. and Google's Clement Lecigne for reporting the vulnerability.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.