​Adobe plugs another Flash Player zero-day under attack

Microsoft and Adobe have rolled out patches to block a previously unknown flaw in Flash Player that is being used in targeted attacks.

The attacks are aimed at a select group of users with Flash running Internet Explorer 32-bit on Windows, according to Adobe, which released a fix as part of its regular monthly update aligned with Microsoft’s Patch Tuesday.

“Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows,” Adobe said.

There are no details as to what group is using the flaw, which was reported anonymously to Adobe.

This is the fifth Flash Player zero-day patched by Adobe this year, the last of which was in October, again in limited, targeted attacks but against users running Windows 7, 8.1 and 10.

Adobe’s December update closes 17 flaws for Windows, macOS, Linux and Chrome OS. The update moves Flash Player for all browsers and platforms up to version The last zero

The patch arrives on the heels of Google kicking off HTML5 by default in Chrome, which will add substantial pressure on websites to replace Flash content players with an HTML5 player.

Google in August that it would disable Flash in Chrome 55, released earlier this month, except for sites that only support Flash. Chrome users would then be prompted to enable Flash on those sites.

Google enabled this feature for one percent of Chrome 55 users this week and half of its users on the Chrome 56 beta channel. In February, when Chrome 56 moves to a stable release, the feature will hit all users.

By October next year it will require all sites to gain user permission before running Flash in Chrome. Ahead of this, starting in January, Chrome users will be prompted to permit Flash for each new site they visit.

Adobe on Tuesday also released patches for Animate, Experience Manager Forms, DNG Converter, Experience Manager, InDesign, ColdFusion Builder, Digital Editions, and RoboHelp.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags Microsoftflash playerzero-dayindesignLiam Tung​Adobe plugsExplorer 32-bitRoboHelpMicrosoft’s Patch TuesdayColdFusion BuilderExperience Manager FormsDNG ConverterDigital EditionsAnimateExperience Manager

More about AdobeGoogleLinuxMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts