Critical Adobe Flash Player patches include fix for exploited zero day flaw
Adobe Systems released security patches Tuesday for ColdFusion, Flex and Flash Player, the latter addressing a flaw for which is an exploit is already available.
The Flash Player updates, namely Flash Player 18.104.22.168 for Windows and Mac, Flash Player 22.214.171.1247 for Linux and Flash Player Extended Support Release 126.96.36.1991, address a total of 22 vulnerabilities, most of which are critical and can lead to remote code execution.
One of the flaws, tracked as CVE-2015-3043 in the Common Vulnerabilities and Exposures (CVE) database, has been known by attackers since before Adobe released its latest patches. This makes it a so-called zero-day vulnerability — a flaw for which a fix was not yet available when it began being exploited.