On Tuesday, Adobe released a security advisory for a zero-day bug being exploited in the wild and vowed a patch.
According to the advisory, this bug is a critical issue that affects Adobe Flash Player 18.104.22.168 and earlier across Windows, Mac, Linux, and Chrome operating systems. The vulnerability, dubbed CVE-2016-1019, "could cause a crash and potentially allow an attacker to take control of the affected system." Adobe said that it is aware of the bug being exploited on systems running Windows 7 and Windows XP with Flash Player version 22.214.171.1246 and earlier. The company introduced a mitigation for the bug in Flash Player 126.96.36.199, which protects users running this version or later. Adobe urges users, who have not yet done so, to update their Flash Player to the current version via the update mechanism or via the Adobe Flash Player Download Center. To verify what version is installed on your system, you can visit the About Flash Player page or right-click on content running in Flash and select "About Adobe (or Macromedia) Flash Player." It is worth noting that users must install the update in all browsers installed on their systems, so if you use multiple browsers, be sure to update each one.
Adobe received reports of this vulnerability being exploited in the wild by Kafeine (EmergingThreats/Proofpoint), Genwei Jiang (FireEye, Inc.), and Clement Lecigne of Google. The company thanked these sources for their reports and cooperation. Users can expect Adobe to release the emergency patch on April 7th.
Photo: © iStock.