Adobe to issue emergency patch for Flash vulnerability

The patch could come as soon as Thursday


Adobe is working on an emergency patch for its Flash Player, as attackers are reportedly exploiting a critical flaw.

The vulnerability, CVE-2016-1019, affects Flash Player version 21.0.0.197 on Windows, Mac, Linux and Chrome OS, according to an advisory published on Tuesday.

The flaw is being actively exploited on Windows XP and 7 systems running Flash Player versions 20.0.0.306 and earlier.

"Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," the advisory said.

A patch could be released as soon as Thursday.

A mitigation in Flash Player version 21.0.0.182 and above prevents the vulnerability from being exploited, Adobe said. 

Flash Player is a favored target for cyberattackers since it runs on hundreds of millions of computers worldwide and vulnerabilities are frequently found.

On Windows and Mac OS X, Flash Player will regularly check for updates. But the update still must be installed, which some users may neglect to do.

Adobe normally issues patches on the second Tuesday of the month, the same day as Microsoft, but issues emergency patches for particularly bad flaws.

Adobe has been working for years to make Flash more secure through code reviews, but it has proven to be a mighty task for an application that's nearly two decades old.

It has, however, seen the writing on the wall. In December, Adobe acknowledged that HTML5 was the future of Web animations and built a product called Animate CC for developing content.
