Adobe Security Advisory

Security Advisory for Adobe Flash Player

Release date: June 14, 2016

Vulnerability identifier: APSA16-03

CVE number: CVE-2016-4171

Platforms: Windows, Macintosh, Linux and Chrome OS

Summary

A critical vulnerability (CVE-2016-4171) exists in Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-4171 exists in the wild, and is being used in limited, targeted attacks. Adobe will address this vulnerability in our monthly security update, which will be available as early as June 16. For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.

Severity ratings

Adobe categorizes this as a critical vulnerability.

Acknowledgments

Adobe would like to thank Anton Ivanov and Costin Raiu of Kaspersky Lab for reporting CVE-2016-4171 and for working with Adobe to help protect our customers.