Vulnerable Adobe Flash Player allows remote code execution (CVE-2016-4117)

May 24, 2016

Adobe has released security updates for Adobe Flash Player that addresses critical vulnerabilities. This patch update covers multiple Common Vulnerabilities and Exposures identifiers (CVE) to include CVE-2016-4117 [1], as noted in Adobe Security Bulletin apsb16-15. [2]

Summary

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS.  These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.  Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild.  Please refer to APSA16-02 for additional details.

Impact

This set of updates covers vulnerabilities rated as critical by Adobe. Attackers can remotely take control of affected systems if exploitation is successful. Threatpost has noted that there are reports of CVE-2016-4117 being exploited in ransomware attacks and has been seen in payloads included with CryptXXX, Cerber and DMA Locker ransomware, as well as the Gootkit Trojan. [3]

Vulnerable

  • Adobe Flash Player 21.0.0.226 and earlier

Recommendations

  • Users and service providers are advised to patch affected systems immediately.
  • Adobe's May 12, 2016, security update resolves this issue.  APSB16-15 [1]

References

[1]  https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
[2]  https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
[3]  https://threatpost.com/two-exploit-kits-spreading-attacks-for-recent-fla...
[4]  Users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the option to ‘Allow Adobe to install updates' will receive the update automatically. Users who do not have the 'Allow Adobe to install updates' option enabled can install the update via the update mechanism within the product when prompted.