Another emergency patch fixes 'critical' Flash player flaw

Adobe say the update will patch a significant vulnerability affecting Windows users

Adobe Flash hit with zero day vulnerability again

Adobe has warned its customers to update Flash player software immediately, following the discovery of a 'critical' flaw that has already been exploited by malware.

The emergency security update released yesterday aims to fix a single vulnerability designated 'CVE-2016-7855'. This use-after-free memory flaw allows hackers to gain full remote access to a system when the user views a harmful flash-media file.

"Adobe is aware of a report that an exploit exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," said Adobe in a blog post.

A security update has also been released as a precaution for macOS, Linux and ChromeOS operating systems.

Advertisement - Article continues below
Advertisement - Article continues below

Google Threat Analysis Group researchers Neel Mehta and Billy Leonard first spotted the flaw and reported it to Adobe, however an update could not be released before exploits had found their way onto user systems.

Adobe has recommended users update to the latest versions of Flash player, which will fix the flaw and prevent future attacks.

Desktop Flash software, as well as Flash players on Chrome, Microsoft Edge and Internet Explorer 11, using versions and under, are vulnerable to the latest exploit.

Linux users on and under should also update to the latest security patch.

The latest patch follows a similar 'critical' security patch that dropped earlier this month, as Adobe worked to fix 12 significant vulnerabilities affecting use-after-free memory flaws.

These latest security concerns will likely further justify calls from the security community to abandon the Flash player in favour of a more reliable and secure HTML5 format. Many high profile companies, such as Apple, have blocked older unfsafe versions of flash, however some have abandoned the buggy plugin completely.

Advertisement - Article continues below

Following an announcement in May, Google Chrome will begin auto-defaulting to HTML5 format on all but 10 high-traffic websites, such as YouTube and Facebook, by the end of the year.

Browser provider Mozilla announced in July that it would begin slowly blocking Flash content entirely on its Firefox platform, replacing it with HTML by 2017.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Business strategy

Adobe shuts down service to Venezuela

9 Oct 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020