New Flash zero-day targets Windows, Mac users

The drive-by download attack targeted users of Internet Explorer and Firefox. The zero-day vulnerability could allow an infected machine to be taken over by an attacker.

Adobe has issued an advisory warning of a previously undiscovered security vulnerability in Flash Player.

Latest Flash Player at risk of exploit (Image: Adobe)

The company said Monday the zero-day flaw exists in the latest version of Flash Player, version 16.0.0.296 (and earlier), and if exploited could cause a crash that allows an attacker to take control of the affected system.

Windows and Mac users are affected, along with Linux users (version 11.2.202.440 and earlier).

Adobe confirmed it was aware of reports that the flaw was being actively exploited against Internet Explorer and Firefox users running Windows 8.1 and below.

Trend Micro, which contributed to finding the flaw along with Microsoft, said on its blog users should disable Flash until a fix is released.

The company confirmed a fix will arrive later this week, but did not say exactly when.