Email
Password
Remember meForgot password?
    Log in with Twitter

article imageHackers have found yet another 'critical' Flash bug before Adobe

By James Walker     Apr 6, 2016 in Technology
Adobe has warned Flash users that another zero-day vulnerability in the utility is being actively exploited by attackers and could provide access to their computer. The company is developing an update to fix the issue.
Adobe said in a public security advisory that it intends to publish the patch later this week. In the meantime, users will be at risk of having their computer hijacked by hackers who have already discovered the bug.
The issue is present in Adobe Flash Player 21.0.0.197 and all earlier versions for Windows, Macintosh, Linux and Chrome OS. Adobe is "aware of reports" it is being actively exploited on Windows systems. The company originally said only Windows 7 and XP machines are being targeted but has since updated the advisory to include all Windows versions up to Windows 10.
According to Adobe, successful exploitation "could cause a crash and potentially allow an attacker to take control of the affected system." Hackers would be able to access the target machine to run their own code, delete files and steal personal data.
Flash Player version 21.0.0.182 includes a mitigation that temporarily prevents exploitation of the vulnerability. Adobe advises all Flash users to install the update immediately if it is not already applied. It can be downloaded online or within the Flash Player updater utility.
The exploit is the latest in a long line of critical vulnerabilities in Flash. The aging software, once a valued technology, is currently experiencing a prolonged demise, regularly putting users at risk in a series of security issues that show no signs of slowing down.
Adobe's security advisory today comes just three weeks after it patched up another critical vulnerability. The March bug was also being actively exploited before it could be fixed. Flash has become an easy target for hackers and Adobe is struggling to keep up with the number of flaws being discovered.
Web developers are now moving away from Flash. It has been superseded by newer technologies built into web browsers that have greater performance and better security than the aging plugin. Even Adobe is now favouring use of HTML5 over Flash, advising other developers not to create new projects in Flash.
Adobe thanked Kafeine of Proofpoint, Genwei Jiang of FireEye and Clement Lecigne of Google for bringing the latest vulnerability to its attention. It will release a fix as soon as tomorrow which all users should install as soon as possible. After that, hackers will be searching for a new bug to exploit. Based on past evidence, it's not likely to take them long.
More about Adobe, Adobe Flash, Bug, Security, Vulnerability
 
Latest News
Top News