Adobe has issued a warning about a severe flaw in its Flash Player which the company acknowledges is being actively exploited, and thus a fix is being cooked up pronto.
The critical vulnerability – CVE-2016-1019 – affects Adobe Flash Player 21.0.0.197 and earlier, across Windows, OS X, Linux and Chrome OS. An attacker could use this to potentially crash a PC and take control of the system, so it’s a nasty one.
There are reports of this flaw being exploited on computers running Windows 7 and Windows XP with Flash version 20.0.0.306 or older, Adobe notes, but there is a mitigation built into versions 21.0.0.182 and later which means that folks running this version or better are (theoretically) safe.
So it’s a good idea to ensure your Flash Player is up-to-date, and check the version across all browsers you use – you can do so by popping over to this Adobe page which provides version information.
Adobe is working on a full fix for the vulnerability right now, and expects that to be deployed tomorrow.
The discovery of the flaw has been credited to Kafeine (EmergingThreats/Proofpoint) and Genwei Jiang (FireEye), as well as Clement Lecigne, a security engineer at Google.
Flash is of course rather famous now for its security holes, and is always a tempting target for malicious parties hunting for potential exploits.
But not for much longer. At the close of last year, even Adobe distanced itself from Flash, encouraging content creators to use modern web standards such as HTML5 instead.
[source :-in.techradar]