Cisco Blogs

News Flash! Another Adobe Flash Zero-day Vulnerability Spotted in the Wild

- April 7, 2016 - 0 Comments

In today’s threat landscape, Adobe Flash Player unfortunately remains an attractive attack vector for adversaries to exploit and compromise systems. Over the past year, Talos has observed several instances where adversaries have identified zero-day vulnerabilities and exploited them to compromise systems. Talos is aware of reports that CVE-2016-1019, an Adobe Flash 0-day vulnerability, is currently being exploited in the wild and is affecting systems running Windows 10 and earlier.

According to the Adobe Flash Player security advisory published on April 5, Flash Player versions and earlier are susceptible to compromise via CVE-2016-1019. This includes Flash Player version as well as Flash Player Extended Support Release (ESR) version and earlier. One special note is that as of March 10, 2016, Adobe introduced a mitigation that prevents exploitation of CVE-2016-1019 in Flash version and later.


Leave a comment

We'd love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.