Once again Adobe Flash Player is the target of hackers in the wild. Adobe has released security updates for several of its products announcing that the fix for a critical Flash Player zero-day vulnerability (CVE-2016-4171) exploited in targeted attacks will only be issued later this week.
A security fix for the vulnerability is expected to become available starting from June 16.
The security vulnerability was reported by Anton Ivanov from Kaspersky that explained that the flaw could be exploited by hackers gain complete control of the vulnerable systems.
The Flash Player flaw CVE-2016-4171 affects versions 18.104.22.168 and earlier for Windows, Mac, Linux and Chrome OS.
The Adobe Security Advisory confirms that CVE-2016-4171 does not appear to have been exploited in large-scale attacks, anyway threat actors have been leveraged the flaw in surgical attacks.
“A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.” states the Adobe Security Advisory.
Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.”
Adobe issued a security bulletin to inform users about the availability of security updates for the Adobe Digital Negative (DNG) Software Development Kit (SDK).
Adobe fixed a number of flaws in several products, the company also informed customers about the availability of security updates for the Digital Negative (DNG) software development kit (SDK).
The memory corruption vulnerability (CVE-2016-4167) affects the Windows and Mac versions of the product.
Below a list of other security updates that address the following vulnerabilities in Adobe solutions:
Adobe confirmed that its experts are not aware of any exploits existing in the wild for these flaws.
Security Affairs – (CVE-2016-4171, Adobe)