Adobe to issue emergency patch for Flash vulnerability

Adobe is working on an emergency patch for its Flash Player after reports that attackers are exploiting a critical flaw.

The vulnerability, CVE-2016-1019, affects Flash Player version on Windows, Mac, Linux and Chrome OS, according to an advisory published on Tuesday.

The flaw is being actively exploited on Windows XP and 7 systems running Flash Player versions and earlier.

"Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," it said.

A patch could be released as soon as Thursday.

A mitigation in Flash Player version and above prevents the vulnerability from being exploited, Adobe said. 

Flash Player is a favored target for cyberattackers since it runs on hundreds of millions of computers worldwide and vulnerabilities are frequently found.

On Windows and Mac OS X, Flash Player will regularly check for updates. But the update still must be installed, which some users may neglect to do.

Adobe normally issues patches on the second Tuesday of the month, the same day as Microsoft, but issues emergency patches for particularly bad vulnerabilities.

Adobe has been working for years to make Flash more secure through code reviews, but it has proven to be a mighty task for an application that's nearly two decades old.

It has, however, seen the writing on the wall. In December, Adobe acknowledged that HTML5 was the future of Web animations and built a product called Animate CC for developing content.

IDG News Service

The IDG News Service is the world's leading daily source of global IT news, commentary and editorial resources. The News Service distributes content to IDG's more than 300 IT publications in more than 60 countries.
