Once again Adobe Flash Player is the target of hackers in the wild. Adobe has released security updates for several of its products announcing that the fix for a critical Flash Player zero-day vulnerability (CVE-2016-4171) exploited in targeted attacks will only be issued later this week.
A security fix for the vulnerability is expected to become available starting from June 16.
The security vulnerability was reported by Anton Ivanov from Kaspersky that explained that the flaw could be exploited by hackers gain complete control of the vulnerable systems.
The Flash Player flaw CVE-2016-4171 affects versions 184.108.40.206 and earlier for Windows, Mac, Linux and Chrome OS.
The Adobe Security Advisory confirms that CVE-2016-4171 does not appear to have been exploited in large-scale attacks, anyway threat actors have been leveraged the flaw in surgical attacks.
“A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.” states the Adobe Security Advisory.
Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.”
Adobe issued a security bulletin to inform users about the availability of security updates for the Adobe Digital Negative (DNG) Software Development Kit (SDK).
Adobe fixed a number of flaws in several products, the company also informed customers about the availability of security updates for the Digital Negative (DNG) software development kit (SDK).
The memory corruption vulnerability (CVE-2016-4167) affects the Windows and Mac versions of the product.
Below a list of other security updates that address the following vulnerabilities in Adobe solutions:
Adobe confirmed that its experts are not aware of any exploits existing in the wild for these flaws.
Security Affairs – (CVE-2016-4171, Adobe)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.