Update your Adobe Flash Player immediately.
Check the version of Adobe Flash Player on your system and if the version is 220.127.116.11 or earlier, then immediately update the player to version 18.104.22.168. Researchers at Google’s Threat Analysis Group have identified and reported zero-day vulnerabilities through the Flash player in Windows, Mac, Linux and Chrome OS systems. If the the autoupdater has not yet updated Flash, then manually update it immediately.
Google’s researchers state that the vulnerability was being actively exploited by cyber criminals. Adobe released an emergency patch for this critical flaw within a week, followed by another critical security update two weeks later. Adobe had released the emergency patch to address the vulnerability identified as CVE-2016-7855. According to Adobe, the latest patch addresses nine critical vulnerabilities.
The browsers – Microsoft Edge, IE 11 and Google Chrome have been affected. The vulnerabilities were due to type confusion flaws and use-after-free vulnerabilities.
When Google’s Threat Analysis Group researchers discovered the exploits they found that a Windows kernel zero day vulnerability had been chained with Adobe Flash zero day vulnerability. While Adobe fixed the issue, Microsoft had delayed in issuing the fix; and it is expected to issue patches in its scheduled Patch Tuesday bulletins.
The updates released by Adobe addresses Nine Code Execution Flaws in total. Adobe has also released patches for its web conferencing software – Connect for Windows.
Linux users are advised to get the update from Adobe’s download center, while Google will add the fix in the new update of its browser. Users are requested to update their operating systems and internet browsers immediately with the released software patches in order to stay protected against the critical vulnerabilities.
Cyber security experts have been favoring moving over to HTML5 standard for multimedia as it considered to be more secure than Flash. Numerous bugs have been found in Flash, and it does not seem to end.
The vulnerabilities in Flash has led to stricter rules in allowing Flash to run on the browsers, and in the days to come we may see even more stricter conditions.
Users must take adequate measures to stay protected with an advanced antivirus program that employs auto-sandboxing to block zero-day exploits.