Adobe releases emergency patch for Flash zero-day flaw

The out-of-band patch fixes a security vulnerability that affects all versions of Flash.

Adobe has patched a critical zero-day security flaw in Flash, which the company said was being used to launch "limited, targeted attacks."

The emergency patch, which also fixed two other vulnerabilities, landed on Friday, sooner than the company's forecast of some time this week.

The patch updates Flash for Windows and OS X to version 19.0.0.226, and version 11.2.202.540 for Linux.

Trend Micro researcher Peter Pi, who was credited with discovering the vulnerability, said in a blog post Friday that Russian hackers had used the flaw to target foreign affairs ministries by sending spearphishing emails that contained links to webpages hosting the exploit.

From there, hackers could remotely execute code on a target machine, potentially taking over the affected system.

Google's Project Zero was also credited with the vulnerability's discovery.

The company recommended that users update immediately. Users of Google Chrome, Internet Explorer 10 and 11, and Microsoft Edge browser will receive the update automatically.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All