U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Adobe to patch Flash Player zero-day vulnerability actively exploited in the wild

A new Flash Player zero-day vulnerability (CVE-2016-1019) has been actively exploited by threat actors in attacks against systems running Windows XP and 7. Once again a zero-day vulnerability in the Adobe Flash Player 21.0.0.197 is threatening Internet users worldwide. The news was spread by Adobe that issued a security alert on Tuesday anticipating an imminent […]

adobe flaws

A new Flash Player zero-day vulnerability (CVE-2016-1019) has been actively exploited by threat actors in attacks against systems running Windows XP and 7.

Once again a zero-day vulnerability in the Adobe Flash Player 21.0.0.197 is threatening Internet users worldwide. The news was spread by Adobe that issued a security alert on Tuesday anticipating an imminent release for a security patch.

The vendor, which will release a security patch as early as April 7, has credited Kafeine of Proofpoint, Genwei Jiang of FireEye, and Clement Lecigne of Google for reporting the issue.

The bad news is that according to the company, the Flash Player zero-day vulnerability (CVE-2016-1019) has been actively exploited by threat actors. Adobe is aware of cyber attacks exploiting the CVE-2016-1019 have been launched against systems running Windows XP and Windows 7 with Flash 20.0.0.306 and earlier.

“A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.” states the advisory published by Adobe on the Flash Player zero-day vulnerability.

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 7 and Windows XP with Flash Player version 20.0.0.306 and earlier.”

Flash Player zero-day vulnerability

The Flash Player zero-day vulnerability affects the Player 21.0.0.197 and earlier versions for Windows, Mac, Linux and Chrome OS. The advisory confirms that the Flash Player version 21.0.0.182 released in March introduced a mitigation that prevents attackers from triggering the flaw.

“A mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later. Adobe is planning to provide a security update to address this vulnerability as early as April 7. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.”

The vendor also published some suggestions on mitigations, users have to run Flash installation 21.0.0.182 or later due to the mitigation recently introduced.

“To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.”

Unfortunately, similar events are becoming too frequent, this is the third time that Adobe released a Flash Player update this year. The first updated was released in February, meanwhile, a second update was released in March, when Adobe fixed a number of flaws including the CVE-2016-1010.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Flash Player zero-day vulnerability, CVE-2016-1019)