Adobe released monthly security patches, fixing flaws in its Flash Player, ColdFusion Builder, and InDesign.
One of the critical patches is APSB16-39, which addresses 16 security bugs in Flash, one of which could allow remote code execution if successfully exploited.
And chances are good it could successfully exploit the software as Adobe confirmed it is already seeing attacks aimed at users.
Adobe Flash Player Desktop Runtime, as well as Google Chrome, Microsoft Edge, and Internet Explorer 11 are all rated with a “1” priority rating (the highest priority rating available in Adobe’s patching cycle), while Adobe Flash Player for Linux is rated “3.” Everyone should patch Flash Player quickly, though.
“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” Adobe said in its security advisory.
“Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows.”
In the case of Microsoft users running Internet Explorer and Edge, the Flash Player update shipped via Windows Update, as the application is integrated into the browser.
Adobe is also patching other products in its lineup, and although they are rated as critical, the company isn’t saying anything about any active exploits used in attacks against users. Obviously, users should install all Adobe patches as soon as possible to remain secure.