Windows 10 Adobe Flash Critical Flaw Is Being ‘Actively Exploited’

Users of the Windows 10 operating system are being warned about a critical vulnerability with Adobe Flash.

The warning came from Adobe itself when it announced it would be issuing a security update this week in order to plug the flaw.

Critical Vulnerability

“A critical vulnerability (CVE-2016-1019) exists in Adobe Flash Player 21.0.0.197 and earlier versions for Windows, Macintosh, Linux, and Chrome OS,” said Adobe in the security advisory. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”

Adobe urged Flash users to update immediately to the latest Flash Player (21.0.0.182) version to prevent the flaw being exploited – something which is already happening in the wild.

“Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier,” the company added. “A mitigation introduced in Flash Player 21.0.0.182 currently prevents exploitation of this vulnerability, protecting users running Flash Player 21.0.0.182 and later.

“Adobe is planning to provide a security update to address this vulnerability as early as April 7.”

Adobe used its security advisory to thank Kafeine (EmergingThreats/Proofpoint) and Genwei Jiang (FireEye), as well as Clement Lecigne (Google) for reporting the flaw and working with it to patch the vulnerability.

Flash Flaws

Flaws and vulnerabilities with Adobe Flash are a depressingly familiar story to many in the security industry. Last year Mozilla lost patience and blocked Adobe Flash by default following the discovery of yet more zero-day vulnerabilities in the browser plug-in. That block remained in place until Adobe rushed out a patch for the flaw.

And even Adobe recognises the days of Flash are numbered.

In December, it acknowledged the inevitability of an HTML5 world and said it was now “encouraging” developers and content creators away from Flash, in order to use newer web standards.

Adobe’s Flash was also famously hated by the late Steve Jobs as well, after the former Apple CEO famously called it a doomed technology. Indeed, such was Jobs opposition to Flash that he publicly attacked it in April 2010, which prompted a bitter spat with Adobe’s CEO.

The bad blood between Apple and Adobe continued for some time, not helped by an Adobe ad campaign that blasted Apple for its closed approach regarding developer licensing.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago