Adobe has pushed out a patch for 25 vulnerabilities in Flash Player, including one that is already being targeted in the wild.
The latest fix for the internet’s screen door includes a remedy for CVE-2016-4117, the remote code execution flaw that is already being exploited by criminals serving up malware-laden advertisements.
The May update should be considered a top priority for Flash Player on Windows, OS X, and Linux. Microsoft and Google are respectively pushing their own Flash Player updates for IE11, Edge and Chrome.
All 25 of the CVE-listed vulnerabilities addressed in this month’s update could allow for remote code execution if exploited:
The updated version of Flash Player for IE, Edge, and Chrome for Windows, OS X and Linux is 18.104.22.168. For Flash Player Desktop Runtime, the updated version is also 22.214.171.124, and for Extended Support Release it is 126.96.36.1992. Adobe Flash Player for Linux (not the Chrome plug-in) and Adobe AIR have also been updated, though Adobe lists those fixes as lower priorities.
The Adobe update comes just two days after Microsoft issued its May round of bulletins, including eight that fix critical vulnerabilities in Internet Explorer, Office, Edge and Windows.
[Source: The Register]