Adobe has told users that an emergency patch is being prepared for a Flash zero-day vulnerability being exploited in the wild which can give attackers complete control.
On Tuesday, the tech giant said in a security advisory that CVE-2016-1019, the zero-day security flaw, is a critical issue which exists in affects Adobe Flash Player 220.127.116.11 and earlier. The bug impacts Windows, Mac, Linux and Chrome operating systems.
The Flash zero-day "could cause a crash and potentially allow an attacker to take control of the affected system" if exploited, according to Adobe.
Adobe has received reports that the vulnerability is being actively exploited in the wild, which is bad news for users of older software. Until an update and fix is released to patch the flaw, anyone actively using Adobe Flash 18.104.22.168 and earlier is vulnerable to attack.
According to the company, cyberattackers are using the zero-day in attacks against systems running Windows 7 and Windows XP -- which is no longer supported by Microsoft -- with Flash Player version 22.214.171.1246 and earlier.
A mitigation is in place for Flash Player 126.96.36.199, and so if you are running Flash Player 188.8.131.52 and later, the risk of exploit has been lessened.
Nonetheless, the exploit is a serious issue, and so Adobe is readying a patch which is due to be released as soon as April 7. In the meantime, users should make sure their version of Flash is as up-to-date as possible.
Kafeine of Proofpoint, FireEye's Genwei Jiang and Clement Lecigne of Google have been thanked for disclosing the zero-day vulnerability to Adobe.
At the end of 2015, Adobe rounded off the year with a massive cluster of fixes for a total of 78 bugs. The vulnerabilities were all found within Adobe Flash player, and seven of the security flaws were deemed critical.
Read on: Top picks
- How to increase your Bitcoin mining profit by 30 percent with less effort
- SMS Android malware roots and hijacks your device - unless you are Russian
- Bug bounties: Which companies offer researchers cash?
- Shodan: The IoT search engine privacy messenger
- What happens when you leak stolen bank data to the Dark Web?