Attackers Are Exploiting a New Adobe Flash Zero-Day Vulnerability
Adobe has now released the patch for the vulnerability. You can read about it here.
Adobe announced it will soon issue an update for its Flash Player in response to the discovery of critical vulnerability CVE-2016-1019, which is currently being exploited in the wild. According to Adobe, the vulnerability could cause computer crashes and potentially allow an attacker to take control of an affected computer.
The vulnerability affects Adobe Flash Player versions 184.108.40.206 and earlier for Windows, Mac, Linux, and Chrome operating systems. Exploitation has been reported on computers running Windows 7 and Windows XP with Flash Player versions 220.127.116.116 and earlier.
The imminent Flash Player update will fully patch the vulnerability, but Adobe says that Flash Player version 18.104.22.168 currently prevents exploitation of this flaw, protecting users running that version or later.
How to Stay Protected:
Adobe Flash Player users should immediately update to the current version while waiting for the update to be released. Alternatively, users can temporarily disable Flash in their browsers by following these instructions:
Internet Explorer versions 10 and 11
- Open Internet Explorer.
- Click on the Tools menu, and then click Manage add-ons.
- Under “Show,” select All add-ons.
- Select Shockwave Flash Object and then click on the Disable button.
You can re-enable Adobe Flash Player by repeating the same process, selecting Shockwave Flash Object, and clicking on the Enable button.
Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using at the top right corner.
Firefox
- Open Firefox.
- Open the browser menu and click Add-ons.
- Select the Plugins tab.
- Select Shockwave Flash and click Disable.
You can re-enable Flash by repeating the same process, selecting Shockwave Flash, and then clicking on the Enable button.
Chrome
- Open Chrome.
- Enter chrome://plugins/ in the address bar and hit the Enter key.
- Click the Disable link under the Adobe Flash Player plugin.
You can re-enable Flash by repeating the same process and clicking the Enable link.
To stay up to date on this vulnerability, see the Adobe Product Security Incident Response Team blog.