Adobe Systems Inc. says its plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks. The flaw was disclosed publicly over the weekend after hackers broke into and posted online hundreds of gigabytes of data from Hacking Team, a controversial Italian company that’s long been accused of helping repressive regimes spy on dissident groups.
In an advisory published today, Adobe said “a critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 22.214.171.124 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”
Update, July 8, 12:13 p.m. ET: The patch is now available in Flash Player 126.96.36.199 for Windows and Mac systems. See this advisory for more information and for links to downloads.