Flash Zero Day Patch Coming Soon

Thursday, April 7, 2016 @ 06:04 PM gHale


Adobe is preparing a patch for a Flash Player Zero Day that has been undergoing active exploitation by attackers.

According to the company, the critical flaw, identified as CVE-2016-1019, exists in Flash Player 21.0.0.197 and earlier versions for Windows, Mac, Linux and Chrome OS.

RELATED STORIES
Adobe Patches Security Issues
Adobe to Patch Flaws in Reader, Acrobat
Adobe Patches Multiple Vulnerabilities
Adobe Sends Out Emergency Flash Patch

Flash Player 21.0.0.182, a version released in March, introduces a mitigation that prevents attackers from exploiting the vulnerability. Adobe said attacks involving CVE-2016-1019 launched against systems running Windows XP and Windows 7 with Flash 20.0.0.306 and earlier.

The vendor said it will release a patch for this Zero Day shortly. In the meantime, users should make sure their Flash installation ends up updated to version 21.0.0.182 or later.

Adobe has credited Kafeine of Proofpoint, Genwei Jiang of FireEye, and Clement Lecigne of Google for reporting the issue.

This will be the third Flash Player update issued by Adobe this year.