Windows 10 Adobe Flash Critical Flaw Is Being ‘Actively Exploited’

Users of the Windows 10 operating system are being warned about a critical vulnerability in Adobe Flash.

The warning came from Adobe itself when it announced it would be issuing a security update this week in order to plug the flaw.

Critical Vulnerability

“A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS,” said Adobe in the security advisory. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”

Adobe urged Flash users to update immediately to the latest Flash Player version (21.0.0.182) to prevent the flaw from being exploited, something that is already happening in the wild.

“Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier,” the company added. “A mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later.

“Adobe is planning to provide a security update to address this vulnerability as early as April 7.”

Adobe used its security advisory to thank Kafeine (EmergingThreats/Proofpoint) and Genwei Jiang (FireEye), as well as Clement Lecigne (Google) for reporting the flaw and working with it to patch the vulnerability.

Flash Flaws

Flaws and vulnerabilities with Adobe Flash are a depressingly familiar story to many in the security industry. Last year Mozilla lost patience and blocked Adobe Flash by default following the discovery of yet more zero-day vulnerabilities in the browser plug-in. That block remained in place until Adobe rushed out a patch for the flaw.

And even Adobe recognises the days of Flash are numbered.

In December, it acknowledged the inevitability of an HTML5 world and said it was now “encouraging” developers and content creators to move away from Flash and use newer web standards.

Adobe’s Flash was also famously hated by the late Steve Jobs, the former Apple CEO who called it a doomed technology. Indeed, such was Jobs’ opposition to Flash that he publicly attacked it in April 2010, which prompted a bitter spat with Adobe’s CEO.

The bad blood between Apple and Adobe continued for some time, not helped by an Adobe ad campaign that blasted Apple for its closed approach regarding developer licensing.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
