Adobe issues Flash Player update

The remaining 24 bugs include buffer overflow and memory corruption issues, though Adobe notes that all of them could allow an attacker to take over a vulnerable system.

What isn’t known, at this point, is whether Microsoft has slipped some new Windows 10 and/or telemetry-related updates into the mix for users of Windows Vista, 7, 8 and 8.1. The Flash vulnerability affects Internet Explorer and has been reported in active attacks on South Korean web sites.

The Windows bug was already patched in this week’s May Patch Tuesday.

The vulnerability, CVE-2016-4117, which was deemed critical, was identified by FireEye engineer Genwei Jiang.

Adobe wrote that the Flash Player update fixing CVE-2016-4117, which is now being exploited in the wild, may come as early as May 12. According to the 2016 Global Security Report from security firm Trustwave, nearly 40 percent of the zero-day vulnerabilities identified in the past year were in Flash Player, and 80 percent of the new exploits added to widely used Web-based exploit kits were for Flash Player flaws. If you're on Windows, install Microsoft's latest security update to patch the IE zero-day vulnerability.

On May 10, Adobe announced on its website that it had discovered a critical vulnerability in Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS.

A critical zero-day vulnerability has been uncovered in Adobe’s Flash Player that is being actively exploited in real-world attacks to infect unsuspecting internet users with malware. “Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12.”

Michael Gray, vice president of technology at Thrive Networks, told SCMagazine.com by email that he is not surprised another Flash update is imminent.

One concern with Flash flaws is that because of the plug-in software’s wide installation base – and many users failing to keep the software updated – it’s become a favorite of attackers, including exploit-kit writers and ransomware rings (see Emergency Flash Patch Battles Ransomware).
