Adobe readies patch for Flash Player zero-day exploit found in attacker toolkits

We have a wait to become protected against the dangerous exploit, though.

Adobe is furiously working on a fix to patch up a vulnerability in Adobe Flash Player which is being actively exploited by cyberattackers to deliver malware.

According to a security advisory released by the software giant on Tuesday, the zero-day vulnerability, CVE-2016-4117, is being used actively to compromise victim PCs.

The critical vulnerability affects Windows, Mac, Linux and Chrome operating systems. Adobe says successful exploitation "could cause a crash and potentially allow an attacker to take control of the affected system."

However, a patch to fix the problem will not be ready until May 12 as part of Adobe's monthly security update.

Discovered by Genwei Jiang from cybersecurity firm FireEye, the exploit is bad news for users who insist on using the ever-vulnerable Adobe Flash Player. The software, which useful for displaying content in browsers, is forever being updated with reams of bug fixes and patches -- many of which are critical issues relating to session hijacking, system takeovers and remote code execution.

In addition to this advisory, the Adobe Product Security Incident Response Team also released a hotfix for three vulnerabilities in ColdFusion.

In related news, targeted attacks are currently taking place against South Korean targets using CVE-2016-0189, a memory corruption vulnerability exploited through Microsoft's Internet explorer browser.

Read on: Top picks

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All