Adobe announced today an emergency update only that will be released on Thursday June 16th. The upcoming patch will set a zero-day (where else?) to Flash Player, who are currently using it for targeted attacks.
According to Anton Ivanov and her Costin Raiu Kaspersky, the vulnerability usesalready in targeted attacks.
The vulnerability identifier registered for this zero-day is CVE-2016-4171, and Adobe reports that it affects both Flash Player 21.0.0.242 and earlier versions running on Windows, Macintosh, Linux and Chrome OS.
Flash Player 21.0.0.242 is the latest version of the company. This means that zero-day affects all Flash-based systems.
The vulnerability helps an attacker crash a Flash Rlayer installation in an unsafe manner, which then allows him to run malicious code on the victim's system and take charge of its management.
If you are using Flash Layerer immediately disable the application, or the Plugin, at least until Adobe releases the patch...
