Adobe has issued an out-of-band patch for its Flash player that addresses 19 vulnerabilities, including one zero-day flaw.
In a security advisory, Adobe said that it is “aware of a report that an exploit for CVE-2015-8651 is being used in limited, targeted attacks.”
It described the exploit as an “integer overflow vulnerability that could lead to code execution”.
Qualys CTO Wolfgang Kandek said in a blog post that the update would have been released in January 2016 had it not been for the zero-day, which required out-of-band patching.
“As with all zero-days fixes this one deserves special attention and a quick turnaround,” he said.
Security blogger Brian Krebs used the disclosure of the zero-day to again encourage web users to reconsider Flash use.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
