Adobe Flash partial 0-day patched in OOB release

Adobe addressed a partial 0-day vulnerability in its Flash Player with a software release on April 7, 2016. The new version of Flash fixes 24 vulnerabilities, including CVE-2016-1019, which is under active attack through the Magnitude Exploit Kit.

The vulnerability is a partial 0-day because a mitigation that Adobe introduced in the newest version of Flash prevents exploitation. Versions of Flash that predate the March Patch Tuesday release are exploitable, though.

Our RTI on QId: 124779 remains at level ExploitKit, as the vulnerable version of the player is already under active attack by exploit kits. We have now also added an RTI of POC on QId: 124872 for the new Adobe Flash version, to reflect that it addresses a vulnerability that might evolve to circumvent the mitigation present in the newest version of Flash.
