Tech

Adobe readies emergency patch for Flash zero-day bug exploited in the wild

The zero-day vulnerability allows attackers to take complete control of a victim's system.

Written by Charlie Osborne, Contributing Writer April 6, 2016 at 3:38 a.m. PT

Adobe has told users that an emergency patch is being prepared for a Flash zero-day vulnerability being exploited in the wild which can give attackers complete control.

On Tuesday, the tech giant said in a security advisory that CVE-2016-1019, the zero-day security flaw, is a critical issue which exists in affects Adobe Flash Player 21.0.0.197 and earlier. The bug impacts Windows, Mac, Linux and Chrome operating systems.

The Flash zero-day "could cause a crash and potentially allow an attacker to take control of the affected system" if exploited, according to Adobe.

Adobe has received reports that the vulnerability is being actively exploited in the wild, which is bad news for users of older software. Until an update and fix is released to patch the flaw, anyone actively using Adobe Flash 21.0.0.197 and earlier is vulnerable to attack.

Security

According to the company, cyberattackers are using the zero-day in attacks against systems running Windows 7 and Windows XP -- which is no longer supported by Microsoft -- with Flash Player version 20.0.0.306 and earlier.

A mitigation is in place for Flash Player 21.0.0.182, and so if you are running Flash Player 21.0.0.182 and later, the risk of exploit has been lessened.

Nonetheless, the exploit is a serious issue, and so Adobe is readying a patch which is due to be released as soon as April 7. In the meantime, users should make sure their version of Flash is as up-to-date as possible.

Kafeine of Proofpoint, FireEye's Genwei Jiang and Clement Lecigne of Google have been thanked for disclosing the zero-day vulnerability to Adobe.

At the end of 2015, Adobe rounded off the year with a massive cluster of fixes for a total of 78 bugs. The vulnerabilities were all found within Adobe Flash player, and seven of the security flaws were deemed critical.