Critical Adobe Flash Player patches include fix for exploited zero day flaw
Adobe Systems released security patches Tuesday for ColdFusion, Flex and Flash Player, the latter addressing a flaw for which is an exploit is already available.
The Flash Player updates, namely Flash Player 220.127.116.11 for Windows and Mac, Flash Player 18.104.22.1687 for Linux and Flash Player Extended Support Release 22.214.171.1241, address a total of 22 vulnerabilities, most of which are critical and can lead to remote code execution.
One of the flaws, tracked as CVE-2015-3043 in the Common Vulnerabilities and Exposures (CVE) database, has been known by attackers since before Adobe released its latest patches. This makes it a so-called zero-day vulnerability — a flaw for which a fix was not yet available when it began being exploited.