Adobe has released a fix for a recent Adobe Flash security vulnerability that could allow attackers to steal users credentials and access sensitive files.
The fix, released Monday, addresses a flaw in the Adobe Flash Player that could enable a remote attacker to compromise an affected system.
Adobe said the vulnerability was found by researchers from the University of Washington and the National Institute of Standards and Technology (NIST) in late May.
The company is working on a fix.
Adobe has already patched the flaw in March and released the fix last week.
The bug is described in a vulnerability assessment from the NIST.
The vulnerability, CVE-2016-1385, has been described as a potential buffer overflow vulnerability in Adobe Flash for Windows and the Adobe AIR runtime in the Flash Player, according to NIST security researcher Jeremy A. Revell.
It is not yet known if the flaw was also exploited in the Safari browser, he said in a blog post.
The NIST said in its advisory that the vulnerability affects all versions of Adobe Flash and the Flash Audio API.
“In order to exploit this vulnerability, a remote code execution vulnerability exists in the way Adobe Flash handles data written to memory,” NIST wrote.
The flaw is described as CVE- 2016-1390.
In addition to exploiting the vulnerability, an attacker could use the vulnerability to gain the following access to the affected system:Access control lists (ACLs) are the data that allow software programs to identify and control a process or device.
The Adobe Flash player, Adobe AIR, and Microsoft Edge web browsers are all affected by the vulnerability.
The flaw affects all users of Adobe software and has been known to affect Flash Player for Windows since May 2016.
The latest Adobe Flash Security Patch update addresses the vulnerability in March, but there are still issues.
Microsoft announced the fix on March 10.
Adobe will release a patch for the remaining affected versions of Flash as soon as possible.
The Flash Player bug affects all of Adobe’s Flash-based applications.
Adobe announced in May that it was deploying Flash Player patch level 3.0.
Adobe is releasing the patch in phases, so the latest version is released every week.