Adobe rushes out patch for Flash zero-day targeting Windows

Adobe has released an update for a previously unseen flaw in Flash Player that attackers are using to hack Windows 7, 8.1 and 10 systems.

Just a fortnight after Adobe patched a dozen bugs in Flash Player, the company has released another patch to plug a zero-day, or previously undocumented, bug in the media player.

According to Adobe, an exploit for the flaw (CVE-2016-7855) is available in the wild and is being exploited in “limited, targeted attacks” against users running Windows versions 7, 8.1, and 10.

This suggests that most users don't face an immediate risk, since the exploit is likely being used against high-value targets, such as execs from large companies or political targets.

While the bug has only been used against Windows machines, the patch applies to Mac, Linux and Chrome OS as well. The new, secure version number is 23.0.0.205 for Flash for Mac and Windows, as well as Chrome, Edge, and Internet Explorer 11.

All earlier versions contain a use-after-free vulnerability that could allow an attacker to take control of an affected system.

The bug was reported to Adobe by Google's Threat Analysis Group.

Despite the current narrow focus of the new Flash attacks, it is still a good idea to patch Flash Player as soon as an update is available. According to Microsoft, over 90 percent of attack pages online in 2015 contained malicious Flash Player objects.

Security firm Trustwave recently reported that almost 40 percent of the zero-day vulnerabilities identified in 2015 were in Flash Player and 80 percent of the new exploits added to widely used Web-based exploit kits were for Flash Player flaws.

Stories by Liam Tung

Latest Videos

More videos

Blog Posts

Market Place