Critical Zero-Day Vulnerability in Flash Player

by Mark Farish, Senior Systems Engineer

Adobe Systems has released a security advisory for a critical zero-day vulnerability (CVE-2016-4171) in Flash Player 21.0.0.242 and earlier versions on Windows, Macintosh, Chrome and Linux operating systems. Adobe plans to address the vulnerability in a security update, which it expects to have available on June 16, 2016.

You can read more about this advisory on the Adobe Systems web page.

As a result, Symantec is issuing a signature for its antivirus clients to block attempted exploits until the Adobe patch is made available. You can read more about the signature update on the Symantec Security Center page.

Now is a good time to review your security practices. Review firewall rules so that they allow only trusted inbound Internet connections and only those outbound services that explicitly need to be allowed. Continue to remind employees about the dangers of opening suspect email attachments or clicking hyperlinks from unknown senders. Continue to keep all systems patched and compliant, most importantly the infrastructure that is Internet-facing.

If you have any questions or would like to request more information on this topic, please contact us at support@helient.com.