Adobe Security Advisory

Security Advisory for Adobe Flash Player

Release date: May 10, 2016

Vulnerability identifier: APSA16-02

CVE number: CVE-2016-4117

Platforms: Windows, Macintosh, Linux and Chrome OS

Summary

A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild.  Adobe will address this vulnerability in our monthly security update, which will be available as early as May 12. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.

Severity ratings

Adobe categorizes this as a critical vulnerability.

Acknowledgments

Adobe would like to thank Genwei Jiang of FireEye, Inc. for reporting CVE-2016-4117 and for working with Adobe to help protect our customers.