"A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 126.96.36.199 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system." Adobe goes on to note its awareness of reports that the flaw, which was discovered by Genwei Jiang of FireEye, Inc., is currently being exploited in the wild. Tuesday's security advisory addresses only CVE-2016-4117, which has led to some confusion about how many bugs will be fixed in the upcoming Flash update.
"If information gleaned from [Microsoft’s account of the Flash Player update] MS16-064 is accurate, this Zero Day will be accompanied by 23 additional CVEs, with the release expected on May 12th," writes security firm Shavlik, as quoted by Brian Krebs in a blog post. "With this in mind, the recommendation is to roll this update out immediately."
"As far as Flash is concerned, the smartest option is probably best to hobble or ditch the program once and for all--and significantly increase the security of your system in the process." Those who are interested in uninstalling Flash Player can click here to learn more. For the latest updates on CVE-2016-4117, Adobe recommends users monitor the Adobe Product Security Incident Response Team blog. News of this upcoming patch broke on the same day that Microsoft issued 17 new security bulletins.