Skip to main content

Adobe releases emergency patch to fix latest Flash vulnerability

A new vulnerability has been found in Adobe's Flash Player that allows attackers to remotely execute code after a user has viewed a media file designed to target their system.

The company has already released an emergency patch for its media software to deal with this issue that specifically targets the CVE-2016-7855 vulnerability. The use-after-free vulnerability resulted from a programming error that allows an attacker to exploit the memory of a system as a means of executing code remotely.

Adobe was first informed of the vulnerability by Neel Mehta and Billy Leonard of the Google Threat Analysis Group after they discovered it. However, it was found quickly enough that it will be possible for the company to patch it before any attackers are able to utilise it to target unsuspecting users. Adobe also noted that it is aware of the attacks that have begun to target systems running Windows 7, 8 and 10 with the aim of infecting those machines with malware.

The company has informed both users and administrators to update any system running Flash Player as soon as possible to avoid falling victim to an attack. Google's Chrome browser will receive an update to fix the issue automatically while Microsoft will be sending out a fix of its own to deal with the issue on its Microsoft Edge Browser and on Internet Explorer 11 and later. This vulnerability will likely help push the argument that Adobe Flash should be abandoned entirely in favour of HTML 5 which is a newer and more secure alternative for viewing media online.

A large number of web publishers have already begun to move away from the company's software and have adopted this new standard in order to protect their customers from being attacked.    

Image Credit: 360b / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.