A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 18.104.22.168 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild. Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.
Flash Player 0-Day Flaw Exploited in the Wild – Emergency Patch Coming This Week
We are back to the routine coverage of a zero-day vulnerability in Adobe’s Flash Player. Only that this latest vulnerability has been found exploited in the wild.
Flash Player zero-day vulnerability exploited in live attacks
Another zero-day flaw in Adobe’s still-alive Flash Player is being exploited to launch malware attacks. In an advisory issued today, Adobe has rated the exploit critical. The company has said that the exploit is being used by hackers in real-world attacks, however, a patch won’t be released until May 12 in an emergency release.
Rated critical, the latest zero-day vulnerability affects Adobe Flash Player 22.214.171.124 and earlier versions, running on Windows, Macintosh, Linux, and Chrome OS.
Looking like a remote code execution vulnerability, no more details were shared except that it was discovered by FireEye’s Genwei Jiang. Jiang also discovered another similar Flash Player zero-day exploit last month, which was used to deliver Locky and Cerber ransomware using the Magnitude exploit kit.
In today’s Patch Tuesday, Apple issued security updates to ColdFusion application server platform fixing three security issues. Adobe Acrobat and Reader also received security patches for 92 vulnerabilities addressing different flaws, including memory corruption issues. For more details, please visit Adobe.