Critical Adobe Flash Player Vulnerability Exploited in the Wild

 

A critical new vulnerability (CVE-2016-4171) has been exploited via targeted attacks in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. 

This vulnerability can cause a system crash and possibly allow an attacker to take control of the affected system.

How to Protect Yourself

Once available, Flash Player users should update to the latest version.

(link is external)

Since this is an active vulnerability that is already being exploited, it is crucial that users update their software immediately.

If you are concerned about this issue you can temporarily disable Adobe Flash in the browser until the update is available by taking the following steps:

Internet Explorer versions 10 and 11

1.  Open Internet Explorer

2.  Click on the Tools menu, and then click Manage add-ons

3.  Under “Show”, select All add-ons

4. Select Shockwave Flash Object and then click on the Disable button

You can re-enable Adobe Flash by repeating the same process, selecting Shockwave Flash Object, and clicking on the Enable button.

Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website.

Firefox

1.  Open Firefox

2.  Open the browser menu and click Add-ons

3.  Select the Plugins tab

4. Select Shockwave Flash and click Disable

You can re-enable Flash by repeating the same process, selecting Shockwave Flash, and then clicking on the Enable button.

Chrome

1. Open Chrome

2. Enter chrome://plugins/ in the address bar and hit the Enter key

3. Click the Disable link under the Adobe Flash Player plugin

You can re-enable Flash by repeating the same process and clicking the Enable link.

Norton.com/setup offers protection against this vulnerability (CVE-2016-4171), which is due to be patched by Adobe tomorrow as part of Adobe’s monthly security update.