Flash Zero Day Patch Coming Soon
Thursday, April 7, 2016 @ 06:04 PM gHale
Adobe is preparing a patch for a Flash Player Zero Day that has been undergoing active exploitation by attackers.
According to the company, the critical flaw, identified as CVE-2016-1019, exists in Flash Player 22.214.171.124 and earlier versions for Windows, Mac, Linux and Chrome OS.
Flash Player 126.96.36.199, a version released in March, introduces a mitigation that prevents attackers from exploiting the vulnerability. Adobe said attacks involving CVE-2016-1019 launched against systems running Windows XP and Windows 7 with Flash 188.8.131.526 and earlier.
The vendor said it will release a patch for this Zero Day shortly. In the meantime, users should make sure their Flash installation ends up updated to version 184.108.40.206 or later.
Adobe has credited Kafeine of Proofpoint, Genwei Jiang of FireEye, and Clement Lecigne of Google for reporting the issue.
This will be the third Flash Player update issued by Adobe this year.