New zero-day vulnerability found in Adobe Flash

Another day, another Adobe Flash zero-day exploit. Seriously, I thought the damn beast was dead, but as it turns out, it's still alive and kicking. And being kicked, by hackers all over the world.

Security researchers from Symantec just released a new report saying a new zero-day vulnerability is being exploited in 'limited, targeted attacks'. The vulnerability, which Symantec named CVE-2016-4171, will be patched during the day as part of Adobe's regular monthly security update, and the company has rolled out an antivirus signature to keep its users safe in the meantime.

The vulnerability is affecting the Flash Player version 21.0.0.242 and earlier ones, on Windows, Mac OS X, Linux and Chrome OS.

Flash Player users are advised to update to the latest version as soon as it is available. In the meantime, there is something users can do to stay safe:

Chrome

  • Open Chrome
  • Enter chrome://plugins/ in the address bar and hit the Enter key
  • Click the Disable link under the Adobe Flash Player plugin

Firefox

  • Open Firefox
  • Open the browser menu and click Add-ons
  • Select the Plugins tab
  • Select Shockwave Flash and click Disable

Internet Explorer versions 10 and 11

  • Open Internet Explorer
  • Click on the Tools menu, and then click Manage add-ons
  • Under “Show”, select All add-ons
  • Select Shockwave Flash Object and then click on the Disable button

All browsers allow Flash to be re-enabled by repeating the same process, and just pressing 'enable' instead of 'disable'.

Image Credit:360b / Shutterstock