Flash Player 0-Day Flaw Exploited in the Wild – Emergency Patch Coming This Week

May 10, 2016

We are back to the routine coverage of a zero-day vulnerability in Adobe’s Flash Player. This time, however, the vulnerability has already been found exploited in the wild.

Flash Player zero-day vulnerability exploited in live attacks

Another zero-day flaw in Adobe’s still-alive Flash Player is being exploited to launch malware attacks. In an advisory issued today, Adobe has rated the exploit critical. The company has said that the exploit is being used by hackers in real-world attacks; however, a patch won’t be released until May 12, in an emergency release.

Rated critical, the latest zero-day vulnerability affects Adobe Flash Player and earlier versions, running on Windows, Macintosh, Linux, and Chrome OS.

A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild. Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.

The flaw looks like a remote code execution vulnerability, but no more details were shared except that it was discovered by FireEye’s Genwei Jiang. Jiang also discovered another similar Flash Player zero-day exploit last month, which was used to deliver Locky and Cerber ransomware using the Magnitude exploit kit.

In today’s Patch Tuesday, Apple issued security updates for the ColdFusion application server platform, fixing three security issues. Adobe Acrobat and Reader also received security patches for 92 vulnerabilities addressing different flaws, including memory corruption issues. For more details, please visit Adobe.
