Site icon The Mac Security Blog

Adobe Flash Player 21.0.0.242 Released with Security Patches

Adobe Systems has just released Flash Player updates with patches for a zero-day exploit, issuing Flash version 21.0.0.242 for Windows and Macintosh, and version 11.2.202.621 for Linux. The now outdated Flash Player versions are vulnerable to a zero-day flaw, identified as CVE-2016-4117, which is being used actively to compromise PCs.

“Adobe is aware of reports that an exploit for CVE-2016-4117 exists in the wild,” the software company confirmed. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”

Discovered by security researcher Genwei Jiang, the critical zero-day vulnerability affects Windows, Macintosh, Linux, and Chrome OS.

Adobe software affected by this update includes the following:

The full list of vulnerabilities patched with Adobe Flash Player 21.0.0.242 are described as follows:

For a list of acknowledgements highlighting the researchers who discovered the flaws patched in today’s update, see Adobe’s Security Bulletin (APSB16-15).

Macintosh and Windows users running Adobe Flash Player Desktop Runtime should update to Flash Player 21.0.0.242 (17.7 MB) immediately, and Linux users should update to Flash Player 11.2.202.621 by visiting the Adobe Flash Player Download Center. Adobe Flash installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 21.0.0.242 for Windows, Macintosh, Linux and Chrome OS.

Share this: