It seems that the latest version of Flash Player 22.214.171.124 and older versions for Windows, Macintosh, Linux, and Chrome OS contain a critical vulnerability (CVE-2016-1019) which, if exploited, can cause crashes and could allow hackers to take control of the affected device. Adobe is aware of this problem and the developers are trying to fix it as soon as possible.
Two days ago, Adobe released a Security Advisory for Adobe Flash Player, which referred to the vulnerability as APSA16-01, with the CVE number CVE-2016-1019. The affected platforms are Windows, Macintosh, Linux and Chrome OS. This critical vulnerability could be exploited on computers running Windows 10 which have version 126.96.36.1996 of Flash Player or earlier. However, an Adobe spokesperson told eWEEK that “While the vulnerability itself exists in the most recent version of Flash Player (version 188.8.131.52 and later), it currently only causes a crash”.
In Flash Player 184.108.40.206, Adobe introduced a mitigation that protects users against attackers who attempt to exploit this vulnerability, and the company is expected to release a security update today. Users are advised to upgrade Flash Player as soon as a new update is released. Those who have not yet done so can go to the Adobe Flash Player Download Center, download the software from there, and install it in each browser.
To verify which version of Adobe Flash Player is installed on a computer, users can visit the About Flash Player page, or right-click on content that runs in Flash Player and select About Adobe (or Macromedia) Flash Player from the menu. This check can be performed in any browser.
The CVE-2016-1019 vulnerability was identified and reported by Kafeine (EmergingThreats/Proofpoint), Genwei Jiang (FireEye, Inc.) and Clement Lecigne of Google, who collaborated with Adobe in order to find solutions to protect customers.