Adobe patches exploited 0day Flash vulnerability

A total of 25 flaws taken care of in update.

Adobe has issued a security update for its Flash media player that plugs a large number of critical vulnerabilities including a zero-day bug that is currently being exploited by attackers. 

Adobe first warned users about the CVE-2016-4117 zero-day earlier this week. 

The flaw was found by Genwei Jian of security vendor FireEye. It is a type confusion vulnerability that can be used to crash Flash Player and remotely execute code.

Today's update handles another type confusion vulnerability, eight use-after-free flaws, 12 memory corruption bugs, and two buffer overflows, all of which could be used for remote code execution.

A further fix, for CVE-2016-4116, resolves a vulnerability in the directory search path used to find resources that could allow for the execution of code, Adobe said.

Adobe Flash versions and earlier for Microsoft Windows and Apple OS X are vulnerable, and users are advised to upgrade to as soon as possible.

Flash Player Extended Support Release and earlier is also vulnerable, and Adobe has issued a patched version. Flash Player for Linux ( and earlier), the AIR Desktop Runtime, AIR software development kit and compiler ( and earlier) are all vulnerable and should be updated.

Google and Microsoft have issued updates for the built-in Flash player in the Chrome, Edge and Internet Explorer 11 web browsers.
