Flash Player 0-Day Flaw Exploited in the Wild – Emergency Patch Coming This Week

Rafia Shaikh
Posted May 10, 2016

We are back to the routine coverage of a zero-day vulnerability in Adobe’s Flash Player. This time, however, the vulnerability has already been found exploited in the wild.

Flash Player zero-day vulnerability exploited in live attacks

Another zero-day flaw in Adobe’s still-alive Flash Player is being exploited to launch malware attacks. In an advisory issued today, Adobe has rated the exploit critical. The company has said that the exploit is being used by hackers in real-world attacks; however, a patch won’t be released until May 12, in an emergency release.

Rated critical, the latest zero-day vulnerability affects Adobe Flash Player 21.0.0.226 and earlier versions, running on Windows, Macintosh, Linux, and Chrome OS.

A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild. Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.

The flaw looks like a remote code execution vulnerability, but no more details were shared except that it was discovered by FireEye’s Genwei Jiang. Jiang also discovered another similar Flash Player zero-day exploit last month, which was used to deliver Locky and Cerber ransomware using the Magnitude exploit kit.

In today’s Patch Tuesday, Apple issued security updates to the ColdFusion application server platform, fixing three security issues. Adobe Acrobat and Reader also received security patches for 92 vulnerabilities addressing different flaws, including memory corruption issues. For more details, please visit Adobe.
