Adobe is warning that a new zero-day vulnerability in its Flash Player software is being exploited in the wild and can be used to take full control of victims' systems.
The company has issued an emergency security update for Flash Player for the Windows, macOS, Linux and ChromeOS operating systems.
Google threat analysis group researchers Neel Mehta and Billy Leonard are credited for finding the bug, which has been given the common vulnerabilities and exposures index CVE-2016-7855.
The update for Flash Player takes care of a use-after-free memory handling vulnerability that Adobe rates as critical, and which could lead to full system compromise.
Adobe said it was aware of an exploit for CVE-2016-7855 being used in targeted attacks against Microsoft Windows 7, 8.1 and 10.
Flash Player desktop runtime and the variants built into the Google Chrome and Microsoft Edge and Internet Explorer 11 web browsers with version number 23.0.0.185 and earlier are vulnerable.
Linux versions of Flash Player 11.2.202.637 and earlier are also vulnerable.
Adobe is advising users to update their Flash Player software to version 23.0.0.205 on Windows, macOS and in the Google Chrome and Microsoft Edge and Internet Explorer 11 web browsers.
The company said Linux users should update to version 11.2.202.643.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
