Adobe Flash Player update fixes latest zero-day bug

Adobe began rolling out Flash Player 16.0.0.305 on Wednesday for users who have auto-update enabled.

The version includes a fix for the recently reported critical zero-day vulnerability – CVE-2015-0313 – that affects Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh, as well as Flash Player 13.0.0.264 and earlier 13.x versions.

“Adobe expects to have an update available for manual download on 5 February, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11,” according to an update added on Wednesday to the 2 February advisory.

Adobe said on Monday it is aware of reports that the critical bug is being actively exploited, and explained that successful exploitation of the vulnerability could cause a crash and enable an attacker to take complete control of the victim's system.