Another Adobe Flash Player zero-day has been found being exploited in “limited, targeted attacks”. Adobe has stated it will be patched later this week.
The vulnerability, CVE-2016-4171 (CVE) impacts versions 21.0.0.242 and below on all operating systems.
“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe mentioned in its security advisory.
Adobe said that the exploit, which was found by Kaspersky Lab researcher Anton Ivanov, will be patched as early as June 16, 2016.
Other patches by Adobe
The zero-day was expected to be fixed today, but Adobe instead released updates for many of their other products including Adobe DNG Software Development Kid, Adobe Brackets, Adobe Creative Cloud Desktop Application and hotfixes for ColdFusion.
ColdFusion had the highest priority which impacted ColdFusion Update 1, ColdFusion 11 update 8 and earlier, and ColdFusion Update 19 and earlier. The patch was pushed Tuesday June, 14 and does not require machines to reboot.
You can see the full list of patched products on their security advisory page, here.