A new Abobe Flash patch that has just been released, Amol Sarwate, Director of Vulnerability at Qualys commented below.
Amol Sarwate, Director of Vulnerability at Qualys:
“Adobe released APSB16-36 today to fix one 0-day vulnerability in Flash for a critical security flaw. The release is an emergency fix after the vulnerability was discovered in a range of active attacks. All platforms including Windows, Macintosh, Linux and Chrome OS are affected.
The vulnerability (CVE-2016-7855) is triggered when the victim views malicious Adobe Flash content. Users can end up exposed to Flash by clicking on bad links from e-mails, viewing adverts that include Flash on websites and blogs, on bulletin boards and other sources. If left unpatched, attackers can remotely take complete control of the machine.
This is the fourth zero-day vulnerability which has been fixed by Adobe this year. Currently, Adobe Flash is the favourite mechanism used by which Exploit Kits and bad actors compromise a machine. As awareness of this vulnerability is already out in the public, users should patch as soon as possible.”