Adobe issues emergency patch as more security vulnerabilities are found in Flash
By Rob Thubron
If you're one of the few people still using Flash Player, then you should heed Adobe's advice and update it ASAP. The company is urging users to patch its web platform after 23 security vulnerabilities were identified in the current version of Flash, including one that's already being used in the wild.
"Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks," the company said.
There are four different types of vulnerability that the patch addresses: integer overflow, use-after-free, heap overflow, and memory corruption. The exploit that is already being used in attacks, which Adobe says was discovered by Anton Ivanov of Kaspersky Lab, stems from an integer overflow vulnerability.
Of the other vulnerabilities discovered, Google's Project Zero team and HPE's Zero Day Initiative found eight each, while Alibaba, Tencent, and Microsoft security teams found two each.
Adobe advises users to upgrade Flash Player to version 22.214.171.124 for Windows or Mac and version 126.96.36.1997 for Linux.
Flash Player plug-ins bundled with Chrome, Internet Explorer on Windows 10 and 8, and Microsoft Edge browsers will update automatically. Any Windows 7 Flash users must update manually.
Adobe has also released version 188.8.131.52 of AIR Desktop Runtime, AIR SDK, AIR SDK & Compiler and AIR for Android.
Flash was once found on over 800 million cell phones manufactured by 20 handset makers, but the constant vulnerabilities being discovered in it, along with the move toward HTML5, are causing the platform to slowly die off. Used by 50 percent of websites in 2011, Flash content (including ads) now features on less than 20 percent of sites.
With today's news exposing yet more vulnerabilities in Adobe's software, you should check out our article on disabling Flash.