Adobe issues emergency patch for exploited Flash zero-day

By

Windows users targeted.

Adobe is warning that a new zero-day vulnerability in its Flash Player software is being exploited in the wild and can be used to take full control of victims' systems.

Adobe issues emergency patch for exploited Flash zero-day

The company has issued an emergency security update for Flash Player for the Windows, macOS, Linux and ChromeOS operating systems.

Google threat analysis group researchers Neel Mehta and Billy Leonard are credited for finding the bug, which has been given the common vulnerabilities and exposures index CVE-2016-7855.

The update for Flash Player takes care of a use-after-free memory handling vulnerability that Adobe rates as critical, and which could lead to full system compromise.

Adobe said it was aware of an exploit for CVE-2016-7855 being used in targeted attacks against Microsoft Windows 7, 8.1 and 10.

Flash Player desktop runtime and the variants built into the Google Chrome and Microsoft Edge and Internet Explorer 11 web browsers with version number 23.0.0.185 and earlier are vulnerable.

Linux versions of Flash Player 11.2.202.637 and earlier are also vulnerable.

Adobe is advising users to update their Flash Player software to version 23.0.0.205 on Windows, macOS and in the Google Chrome and Microsoft Edge and Internet Explorer 11 web browsers.

The company said Linux users should update to version 11.2.202.643.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise

Service NSW centralises security, networking in mammoth CloudOps overhaul

Service NSW centralises security, networking in mammoth CloudOps overhaul

VicRoads to phase out passwords in favour of passkeys

VicRoads to phase out passwords in favour of passkeys

Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip

Log In

  |  Forgot your password?