Adobe issues emergency patch for exploited Flash zero-day

By

Windows users targeted.

Adobe is warning that a new zero-day vulnerability in its Flash Player software is being exploited in the wild and can be used to take full control of victims' systems.

Adobe issues emergency patch for exploited Flash zero-day

The company has issued an emergency security update for Flash Player for the Windows, macOS, Linux and ChromeOS operating systems.

Google threat analysis group researchers Neel Mehta and Billy Leonard are credited for finding the bug, which has been given the common vulnerabilities and exposures index CVE-2016-7855.

The update for Flash Player takes care of a use-after-free memory handling vulnerability that Adobe rates as critical, and which could lead to full system compromise.

Adobe said it was aware of an exploit for CVE-2016-7855 being used in targeted attacks against Microsoft Windows 7, 8.1 and 10.

Flash Player desktop runtime and the variants built into the Google Chrome and Microsoft Edge and Internet Explorer 11 web browsers with version number 23.0.0.185 and earlier are vulnerable.

Linux versions of Flash Player 11.2.202.637 and earlier are also vulnerable.

Adobe is advising users to update their Flash Player software to version 23.0.0.205 on Windows, macOS and in the Google Chrome and Microsoft Edge and Internet Explorer 11 web browsers.

The company said Linux users should update to version 11.2.202.643.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

CBA using facial recognition logins to verify disputed payments

CBA using facial recognition logins to verify disputed payments

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Log In

  |  Forgot your password?