Be on the lookout for yet another Adobe Flash Player emergency patch to apply immediately if your users still have Flash installed on their devices, to be released as soon as tomorrow.

This is an emergency because attackers are actively exploiting the critical vulnerability, CVE-2016-1019, which affects Flash version 21.0.0.197 on Windows, Mac, Linux and Chrome OS. While Adobe typically releases Flash updates on Patch Tuesday, same as Microsoft, the company does issue emergency patches for critical vulnerabilities seen in use in the wild.

Adobe’s security advisory warns that successful exploitation could cause a crash and allow an attacker to take control of the affected system. In a recent update to an Adobe Product Security Incident Response Team (PSIRT) blog, the company reports that the vulnerability is being exploited on systems running Windows 10 and earlier with Flash version 20.0.0.306 and earlier (not Windows 7 and XP as previously reported).

That means, even if your Windows operating system is up to date, running an outdated version of Flash Player on your browsers can put your company at risk of exploitation, resulting in data loss or malware infection.

There is a mitigation in Flash version 21.0.0.182 that protects users against this exploit, and Adobe encourages users to update and install the update in each browser installed on your system. (more…)