Adobe plans emergency patch for nasty Flash vulnerability

The patch could come as soon as Thursday

Adobe is working on an emergency patch for its Flash Player because attackers are reportedly exploiting a critical flaw.

The vulnerability, CVE-2016-1019, affects Flash Player version 21.0.0.197 on Windows, Mac, Linux and Chrome OS, according to an advisory published on Tuesday.

The flaw is being actively exploited on Windows XP and 7 systems running Flash Player versions 20.0.0.306 and earlier.

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” the advisory said.

A patch could be released as soon as Thursday.

A mitigation in Flash Player version 21.0.0.182 and above prevents the vulnerability from being exploited, Adobe said. 

Flash Player is a favored target for cyberattackers since it runs on hundreds of millions of computers worldwide and vulnerabilities are frequently found.

On Windows and Mac OS X, Flash Player will regularly check for updates. But the update still must be installed, which some users may neglect to do.

Adobe normally issues patches on the second Tuesday of the month, the same day as Microsoft, but issues emergency patches for particularly bad vulnerabilities.

Adobe has been working for years to make Flash more secure through code reviews, but it has proven to be a mighty task for an application that’s nearly two decades old.

It has, however, seen the writing on the wall. In December, Adobe acknowledged that HTML5 was the future of Web animations and built a product called Animate CC for developing content.
