Sunday, November 12, 2017
Home / Security / Exploits / Flash Zero-day exploited in the wild – CVE-2016-4171
CVE-2016-4171 flash zero-day

Flash Zero-day exploited in the wild – CVE-2016-4171

Another Adobe Flash Player zero-day has been found being exploited in “limited, targeted attacks”. Adobe has stated it will be patched later this week.

The vulnerability, CVE-2016-4171 (CVE) impacts versions 21.0.0.242 and below on all operating systems.

“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe mentioned in its security advisory.

Adobe said that the exploit, which was found by Kaspersky Lab researcher Anton Ivanov, will be patched as early as June 16, 2016.

Other patches by Adobe

The zero-day was expected to be fixed today, but Adobe instead released updates for many of their other products including Adobe DNG Software Development Kid, Adobe Brackets, Adobe Creative Cloud Desktop Application and hotfixes for ColdFusion.

ColdFusion had the highest priority which impacted ColdFusion Update 1, ColdFusion 11 update 8 and earlier, and ColdFusion Update 19 and earlier. The patch was pushed Tuesday June, 14 and does not require machines to reboot.

You can see the full list of patched products on their security advisory page, here.

About Kyle

Co-owner, writer and editor at Zerosecurity. Security and tech enthusiast. Programmer. Music lover and avid festival goer.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …