Critical security flaw in Flash has no patch
There is a critical new security vulnerability in Flash Player that is being exploited, and Adobe will only be able to issue a patch later this week, Ars Technica reported.
Adobe’s security advisory on the vulnerability, tracked as CVE-2016-4171, states that it affects the latest version (21.0.0.242) of the Flash Player and all earlier versions.
The Windows, Mac, Linux, and Chrome OS versions of the Flash Player are affected.
“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” warned Adobe.
Kaspersky reported that it has seen the exploit used by an advanced persistent threat group called ScarCruft.
ScarCruft’s victims have been observed in several countries, including Russia, South Korea, China, and India.
One of the group’s major operations, Operation Daybreak, appears to use a 0-day Flash Player exploit, focussing on high-profile victims.
Adobe said it would have a patch “as early as” 16 June.