Adobe fixes actively exploited critical vulnerability in Flash Player
- 15 December, 2016 02:35
Adobe Systems has released security updates for several products, including one for Flash Player that fixes a critical vulnerability that's already known and exploited by attackers.
The Flash Player update fixes 17 vulnerabilities, 16 of which are critical and can be exploited to execute malicious code on affected systems. One of those vulnerabilities, tracked as CVE-2016-7892 in the Common Vulnerabilities and Exposures (CVE) catalogue, is already being used by hackers.
"Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows," the company said in a security advisory.
The vulnerability was reported anonymously to the company.
Users of Flash Player on Windows, macOS and Linux should upgrade to the newly released version 188.8.131.52 as soon as possible. The Flash Player plug-in bundled with Google Chrome and Internet Explorer on Windows 10 and 8.1 will be updated automatically through the update mechanisms of those browsers.
On Tuesday, the company also patched vulnerabilities in Adobe Animate, Experience Manager, Experience Manager Forms, DNG Converter, InDesign, ColdFusion Builder, Digital Editions and RoboHelp. These products are mostly used in corporate environments.
The flaws in DNG Converter and InDesign are rated as critical, while the rest are rated as important. Users of these products should consider installing the available updates as soon as possible.