Emergency Patch Coming to Fix Adobe Flash Zero-Day Used in Live Attacks
Security Update : Adobe announced today another zero-day vulnerability in its Flash Player application, which the company says attackers are using in real-world attacks.
Adobe rated the vulnerability (CVE-2016-4117) as critical and said it affects Adobe Flash Player 18.104.22.168 and earlier versions, running on Windows, Macintosh, Linux, and Chrome OS.
The company promised a patch for Flash on Thursday, May 12. Adobe also says the vulnerability is serious, allowing an attacker to crash Flash Player in un unsafe manner that could allow an attacker to take control of the affected system.
The company did not mention it, but this looks like a RCE (remote code execution) vulnerability, which most critical Flash bugs tend to be. But, we’re speculating.
Adobe credited Genwei Jiang, a security researcher from FireEye for discovering the vulnerability. Jiang, together with Proofpoint researche… (read more)