Adobe has released another out-of-band patch for a zero day vulnerability in Flash. Adding into an endless list of critical Flash vulnerabilities, the latest one allows an attacker to take control of your PC or Mac. Along with an emergency patch for this zero day vulnerability in Flash, Adobe has also addressed the same exploit in Adobe Air.
Adobe releases emergency fix to a 0day Flash vulnerability under attack
Only a few days after releasing the scheduled updates - again, fixing critical vulnerabilities - in its Acrobat Reader and Acrobat Digital editions, Adobe has now released an out-of-band emergency update to Flash Player. The vulnerability (CVE-2016-1010) is being exploited in targeted attacks, Kaspersky Lab's Anton Ivanov has discovered.
Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks.
Since the vulnerability has already been exploited, it is absolutely necessary to install the patch as soon as you can. To update, head over to Adobe's update page and use the "Install now" button to get the latest security patches.
Adobe had hinted that an additional update would be coming as the flaws were reported too close to the scheduled monthly updates, giving the company no time to prepare and release a patch. Whether you own a Mac, Linux or a Windows machine, Adobe has said that the latest exploit discovered in the bug ridden software affects all the platforms. Several reports in 2015 had indicated that the Flash might finally die. However, even after hundreds of security patches that are released every year to Adobe's product, the company is still to discontinue it. Flash has become an extremely vulnerable platform used in many attacks, leveraging zero day exploits.
To learn more about the latest vulnerabilities in Flash and Adobe Air, please visit the official security bulletin.
[Update]: Microsoft has just released an unscheduled update for Windows 10 to fix this critical vulnerability in Flash Player. Adobe's Flash is used in Windows 10 Microsoft Edge and Internet Explorer 11 for Windows 8.1.
Thanks for tip, Jesse.
