Adobe Flash Player under new 0-day attack

Adobe announced that a new version of their Flash Player product is expected to be released this week. The new version will address CVE-2016-1019, a critical vulnerability that is currently being exploited in the wild.

However, if you are current with your Flash player patches you are protected. If you have the newest Flash player installed (v21.0.0.182 released on the last Patch Tuesday March 10, 2016, also a 0-day included by the way) you are immune against the current attack. One  of the mitigation techniques introduced in that version prevents the current exploitation.

The RTI on QId: 124779 continues to be on level: ExploitKit as the vulnerable version of the player is already under active attacks by Exploit Kits.

Leave a Reply

Your email address will not be published. Required fields are marked *