Adobe issues emergency patch for exploited Flash zero-day

By

Windows users targeted.

Adobe is warning that a new zero-day vulnerability in its Flash Player software is being exploited in the wild and can be used to take full control of victims' systems.

Adobe issues emergency patch for exploited Flash zero-day

The company has issued an emergency security update for Flash Player for the Windows, macOS, Linux and ChromeOS operating systems.

Google threat analysis group researchers Neel Mehta and Billy Leonard are credited for finding the bug, which has been given the common vulnerabilities and exposures index CVE-2016-7855.

The update for Flash Player takes care of a use-after-free memory handling vulnerability that Adobe rates as critical, and which could lead to full system compromise.

Adobe said it was aware of an exploit for CVE-2016-7855 being used in targeted attacks against Microsoft Windows 7, 8.1 and 10.

Flash Player desktop runtime and the variants built into the Google Chrome and Microsoft Edge and Internet Explorer 11 web browsers with version number 23.0.0.185 and earlier are vulnerable.

Linux versions of Flash Player 11.2.202.637 and earlier are also vulnerable.

Adobe is advising users to update their Flash Player software to version 23.0.0.205 on Windows, macOS and in the Google Chrome and Microsoft Edge and Internet Explorer 11 web browsers.

The company said Linux users should update to version 11.2.202.643.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
adobeflashsecurityzeroday

Sponsored Whitepapers

Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21
Cut Cloud Costs Without Compromise: Discover mCloud by Micron21
Cut Cloud Costs Without Compromise: Discover mCloud by Micron21
What 4 wholesale distribution challenges aren’t going away anytime soon?
What 4 wholesale distribution challenges aren’t going away anytime soon?
State of the SOC: Building Resilience in a Shifting Threat Landscape
State of the SOC: Building Resilience in a Shifting Threat Landscape

Events

Most Read Articles

Phishing attack nets enormous npm supply chain compromise

Phishing attack nets enormous npm supply chain compromise
Service NSW centralises security, networking in mammoth CloudOps overhaul

Service NSW centralises security, networking in mammoth CloudOps overhaul
VicRoads to phase out passwords in favour of passkeys

VicRoads to phase out passwords in favour of passkeys
Apple adds "mercenary spyware" protection to new A19 chip

Apple adds "mercenary spyware" protection to new A19 chip
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?