Users of Adobe's Flash media player are once again in attackers' crosshairs after the company warned of a new, critical vulnerability under active exploit.
Flash Player 21.0.0.197 and earlier versions running on Windows, Apple OS X, Linux distributions and Google's Chrome OS are vulnerable to the CVE-2016-1019 flaw.
According to Adobe, the vulnerability "could cause a crash and potentially allow an attacker to take control of the affected system".
The company said it had received reports that attackers were actively exploiting the vulnerability on Windows XP and 7 systems with Flash Player version 20.0.0.36 and earlier.
It said it was preparing to release a patch on April 8 Australian time.
Users with Flash Player 21.0.0.182 and later are not vulnerable, Adobe said, thanks to mitigation measures introduced from that version of the software.
The company credited French reseacher Kafeine, Genwei Jiang of security vendor FireEye, and Google security engineer Clément Lecigne with finding the bug.
It is yet to publish technical details yet for the vulnerability.
.png&h=140&w=231&c=1&s=0)
_page-0001.jpg&w=100&c=1&s=0)
Integrate Expo 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
