Adobe issues emergency fix for Flash zero-day security flaw

The out-of-band patch fixes a flaw that affects Windows and Firefox users.
Written by Zack Whittaker, Contributor on

Adobe has issued an emergency patch for a previously undiscovered vulnerability in Flash Player, which the company says is being exploited in the wild.

(Image: Adobe)

The company said Tuesday that the latest update of the popular browser plugin, version for both Windows and Macs, fixes a security hole that could allow a hacker to take over an affected system.

"Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks," the company said in a brief advisory.

FireEye researchers discovered the vulnerability was being actively exploited in a phishing campaign earlier this month.

The phishing attempts targeted companies in the aerospace, defense, construction and engineering, tech and telecom, and transportation industries.

The security firm privately reported the flaw to Adobe earlier this month.

Adobe said that the bug was being exploited through "limited, targeted attacks," adding that Internet Explorer users on Windows 7 and earlier are affected, as well as Firefox users on Windows XP.

The company recommended that users update immediately. Chrome users will receive the update automatically.

Editorial standards