Emerging Threats

Attackers are exploiting a new Adobe Flash zero-day vulnerability

Authored by a Symantec employee



Adobe has now released the patch for the vulnerability. You can read about it here.

Adobe announced it will soon issue an update for its Flash Player in response to the discovery of critical vulnerability CVE-2016-1019, which is currently being exploited in the wild. According to Adobe, the vulnerability could cause computer crashes and potentially allow an attacker to take control of an affected computer.

The vulnerability affects Adobe Flash Player versions and earlier for Windows, Mac, Linux, and Chrome operating systems. Exploitations on computers running Windows 7 and Windows XP with Flash Player versions and earlier have been reported.

The imminent Flash Player update will fully patch the vulnerability, but Adobe says that Flash Player version currently prevents exploitation of this flaw, protecting users running that version or later.

How to Stay Protected:

Adobe Flash Player users should immediately update to the current version while waiting for the update to be released. Or users can temporarily disable

Flash in their browsers by following these instructions:

Internet Explorer versions 10 and 11

  1. Open Internet Explorer.
  2. Click on the Tools menu, and then click Manage add-ons.
  3. Under “Show,” select All add-ons.
  4. Select Shockwave Flash Object and then click on the Disable button.

You can re-enable Adobe Flash Player by repeating the same process, selecting Shockwave Flash Object, and clicking on the Enable button.

Guidance for users of earlier versions of Internet Explorer is available on the Microsoft website. Select the version of Internet Explorer you are using at the top right corner.


  1. Open Firefox.
  2. Open the browser menu and click Add-ons.
  3. Select the Plugins tab.
  4. Select Shockwave Flash and click Disable.

You can re-enable Flash by repeating the same process, selecting Shockwave Flash, and then clicking on the Enable button.


  1. Open Chrome.
  2. Enter chrome://plugins/ in the address bar and hit the Enter key.
  3. Click the Disable link under the Adobe Flash Player plugin.

You can re-enable Flash by repeating the same process and clicking the Enable link.

To stay up to date on this vulnerability, see the Adobe Product Security Incident Response Team blog.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.