Adobe readies patch for Flash Player zero-day exploit found in attacker toolkits

Adobe is furiously working on a fix to patch up a vulnerability in Adobe Flash Player which is being actively exploited by cyberattackers to deliver malware.

According to a security advisory released by the software giant on Tuesday, the zero-day vulnerability, CVE-2016-4117, is being used actively to compromise victim PCs.

The critical vulnerability affects Windows, Mac, Linux and Chrome operating systems. Adobe says successful exploitation “could cause a crash and potentially allow an attacker to take control of the affected system.”

However, a patch to fix the problem will not be ready until May 12 as part of Adobe’s monthly security update.

Discovered by Genwei Jiang from cybersecurity firm FireEye, the exploit is bad news for users who insist on using the ever-vulnerable Adobe Flash Player. The software, which is useful for displaying content in browsers, is forever being updated with reams of bug fixes and patches — many of which are critical issues relating to session hijacking, system takeovers and remote code execution.

In addition to this advisory, the Adobe Product Security Incident Response Team also released a hotfix for three vulnerabilities in ColdFusion.

In related news, targeted attacks are currently taking place against South Korean targets using CVE-2016-0189, a memory corruption vulnerability exploited through Microsoft’s Internet Explorer browser.
