
Another emergency patch fixes 'critical' Flash player flaw

Adobe says the update will patch a significant vulnerability affecting Windows users

Adobe Flash hit with zero day vulnerability again

Adobe has warned its customers to update Flash player software immediately, following the discovery of a 'critical' flaw that has already been exploited by malware.

The emergency security update released yesterday aims to fix a single vulnerability designated 'CVE-2016-7855'. This use-after-free memory flaw allows hackers to gain full remote access to a system when the user views a harmful Flash media file.

"Adobe is aware of a report that an exploit exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," said Adobe in a blog post.

A security update has also been released as a precaution for macOS, Linux and ChromeOS operating systems.

Google Threat Analysis Group researchers Neel Mehta and Billy Leonard first spotted the flaw and reported it to Adobe, but an update could not be released before exploits had found their way onto user systems.

Adobe has recommended users update to the latest versions of Flash player, which will fix the flaw and prevent future attacks.

Desktop Flash software, as well as Flash players on Chrome, Microsoft Edge and Internet Explorer 11, using versions 23.0.0.185 and under, are vulnerable to the latest exploit.

Linux users on 11.2.202.637 and under should also update to the latest security patch.
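As an added example (not from Adobe or the original article), the two version thresholds quoted above can be turned into an inventory check. The host names, platform labels and the tuple layout of the inventory are constructed for illustration, and selecting the threshold by platform label is a simplifying assumption.

```python
# Last vulnerable versions as quoted in the article.
LAST_VULNERABLE = {
    "linux": (11, 2, 202, 637),
    "default": (23, 0, 0, 185),  # desktop, Chrome, Edge and IE 11 players
}

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Flash version."""
    # Assumption: some inventory sources report "23,0,0,185" with commas.
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4:
        return None
    try:
        return tuple(int(p) for p in parts)
    except ValueError:
        return None

def classify(platform, version_text):
    """Label one installation as vulnerable, updated or unknown."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # needs manual review, never silently "updated"
    limit = LAST_VULNERABLE.get(platform.lower(), LAST_VULNERABLE["default"])
    # Tuples compare numerically field by field; plain string comparison
    # would wrongly rank "23.0.0.99" above "23.0.0.185".
    return "vulnerable" if version <= limit else "updated"

def audit(inventory):
    """Map each host to its classification."""
    return {host: classify(platform, ver) for host, platform, ver in inventory}

# Constructed sample inventory: (host, platform, reported Flash version).
SAMPLE_INVENTORY = [
    ("ws-001", "windows", "23.0.0.185"),
    ("ws-002", "windows", "23,0,0,99"),
    ("ws-003", "windows", "24.0.0.1"),   # constructed later version
    ("lx-001", "linux", "11.2.202.637"),
    ("lx-002", "linux", "11.2.202.700"), # constructed later version
    ("mac-001", "macos", "not installed"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```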

The latest patch follows a similar 'critical' security patch that dropped earlier this month, as Adobe worked to fix 12 significant vulnerabilities affecting use-after-free memory flaws.

These latest security concerns will likely further justify calls from the security community to abandon the Flash player in favour of a more reliable and secure HTML5 format. Many high-profile companies, such as Apple, have blocked older unsafe versions of Flash, while some have abandoned the buggy plugin completely.

Following an announcement in May, Google Chrome will begin auto-defaulting to HTML5 format on all but 10 high-traffic websites, such as YouTube and Facebook, by the end of the year.

Browser provider Mozilla announced in July that it would begin slowly blocking Flash content entirely on its Firefox platform, replacing it with HTML by 2017.
