Adobe rolled out security updates for three of its products on Tuesday, including 95 fixes it pushed for Acrobat, Reader, and ColdFusion.
Users will have to wait until later this week, however, to patch a critical vulnerability that exists in Flash Player. It may only be a matter of time until the vulnerability is publicly exploited; Adobe claims that it isn’t aware of any active exploits for the issue but is aware of a report that an exploit for the vulnerability, CVE-2016-4117, exists in the wild.
The zero day, dug up by Genwei Jiang, a researcher at FireEye, exists in Flash 188.8.131.52 and earlier versions for Windows, Mac, Linux, and Chrome OS, Adobe warned Tuesday. If exploited, the vulnerability could cause a crash and let an attacker take control of the system. A fix for the issue was not ready in time to ship with this week’s Patch Tuesday patches but the company claims it is planning to address the issue later in the week, potentially as early as Thursday.
As far as today’s patches go, 92 of the 95 issues that were fixed, address vulnerabilities in either Acrobat and Reader, the bulk of which were use-after-free vulnerabilities or memory corruption vulnerabilities that could lead to code execution, Adobe warns.