New vulnerability Flash Player is exploited in-the-wild

Adobe has released an emergency update of Flash Player APSB16-10 , which fixes the dangerous 0day vulnerability with the CVE-2016-1019 identifier. Unlike other similar RCE vulnerabilities, which can only be used on Windows 7 & 8.1, the exploit for the new 0day vulnerability works fine on Windows 10. The exploit exploits a vulnerability in the Flash ASnative API function.



The vulnerability is exploited in-th-wild and is used by cybercriminals in such exploit kits as Nuclear Pack and Magnitude. ESET antivirus products detect the exploit as SWF / Exploit.CVE-2016-1019.A .

If you’re actively involved in Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.

')

Fig. SWF / Exploit.CVE-2016-1019.A as part of Magnitude EK. ( screenshot kafeine )

See also:

www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
www.proofpoint.com/us/threat-insight/post/killing-zero-day-in-the-egg

We recommend updating your Flash Player. Browsers such as Internet Explorer 11 on Windows 8.1 / Win10 and Google Chrome, as well as MS Edge update their Flash Player versions automatically. Check your version of Flash Player for relevance here , the table below shows these versions for various browsers.




be secure.