It was only a couple of weeks ago when Adobe rolled out an emergency patch to fix vulnerabilities of the Flash Player. But it seems threat actors are not wasting time exploiting more of the already vulnerable application, forcing Adobe to release another wave of patches.
The Adobe Flash Player is once again being exploited through targeted attacks aimed at nine vulnerabilities that all lead to remote code execution. These include CVE-2016-7857, CVE-2016-7859, CVE-2016-7861, CVE-2016-7863, and CVE-2016-7865.
The vulnerabilities affect 18.104.22.168 and earlier versions of the following applications:
- Adobe Flash Player Desktop Runtime in Windows and Mac
- Adobe Flash Player for Google Chrome in Windows, Macintosh, Linux and Chrome OS
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 in Windows 8.1 and 10
It will also hit 22.214.171.1243 and earlier versions of the Adobe Flash Player for Linux.
As reported by Trend Micro’s Zero Day Initiative, the Adobe Flash Player update version 126.96.36.199 will fix 6 use-after-free vulnerabilities, and 3 type confusion flaws. Users are strongly advised to update to the latest version right away to protect the host system.
After updating, the versions of Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, and Adobe Flash Player for Microsoft Edge and Internet Explorer 11 should now be 188.8.131.52. Adobe Flash Player for Linux, on the other hand, will be updated to 184.108.40.2064.
Updates are now available from the Flash Player Download Center, Flash Player Distribution, Google Chrome Releases, and Microsoft Security Advisory. If updates are set to automatic, you just need to verify the version of the Adobe Flash Player installed.
Verify Adobe Flash Player Version
- Visit the About Flash Player page, or right-click on a Flash content and click “About Adobe Flash Player”.
- Check Flash Player in every browser it’s installed.
After the update to fix the critical CVE-2106-7855 vulnerability, another update was rolled out. Make sure you have the latest version installed.