Patch Coming to Fix Flash Player 0-Day Exploited in the Wild

Nosotros are dorsum to the routine coverage of a zero-day vulnerability in Adobe's Wink Player. But that this latest vulnerability has been institute exploited in the wild.

Flash Role player nil-day vulnerability exploited in alive attacks

Another zero-day flaw in Adobe'south still-alive Wink Player is being exploited to launch malware attacks. In an advisory issued today, Adobe has rated the exploit critical. The visitor has said that the exploit is existence used by hackers in existent-world attacks, nonetheless, a patch won't be released until May 12 in an emergency release.

Rated critical, the latest zippo-day vulnerability affects Adobe Wink Histrion 21.0.0.226 and earlier versions, running on Windows, Macintosh, Linux, and Chrome OS.

A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Actor 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an aggressor to take command of the affected system.

Adobe is enlightened of a written report that an exploit for CVE-2016-4117 exists in the wild. Adobe volition accost this vulnerability in our monthly security update, which volition exist bachelor every bit early as May 12. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.

Looking like a remote lawmaking execution vulnerability, no more details were shared except that it was discovered by FireEye's Genwei Jiang. Jiang too discovered another similar Flash Player null-day exploit last month, which was used to deliver Locky and Cerber ransomware using the Magnitude exploit kit.

In today'south Patch Tuesday, Apple issued security updates to ColdFusion application server platform fixing three security bug. Adobe Acrobat and Reader besides received security patches for 92 vulnerabilities addressing different flaws, including memory corruption issues. For more details, please visit Adobe.