SECURITY ALERT - Another ZeroDay Vulnerability Hits Adobe Flash!! PATCH RELEASED


Adobe has released an out-of-band patch for Flash Player because of a zero-day vulnerability. According to Adobe’s bulletin (APSB16-36), Flash versions 23.0.0.185 and earlier (released on October 11) are affected. Adobe Flash Player for Linux uses a separate version numbering system; for that product, versions 11.2.202.637 and earlier are vulnerable. We urge all users who still have Flash installed to update to the version released today as soon as possible.

The flaw is a use-after-free vulnerability that has been designated CVE-2016-7855. An attacker could use a malicious Flash file to run malicious code on a user’s system, allowing various threats to be planted on the affected system. The bulletin noted that the vulnerability has been exploited in limited, targeted attacks against Windows users.

Adobe has released a Flash update which fixes this vulnerability. This update brings the current version of Flash to 23.0.0.205. The built-in update mechanism of Flash will either automatically install the update or prompt the user to do so. The versions of Flash that are integrated into Google Chrome and Microsoft Edge/Internet Explorer will receive updates via the update mechanisms of those browsers. For Adobe Flash Player for Linux, the current version is 11.2.202.643.
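
For anyone checking a fleet against the version numbers above, here is an added example (not from Adobe or the original post) that flags installations older than the fixed releases. The inventory format, the host names and the `desktop`/`linux` labels are assumptions made for the example; note that the two numbering systems have to be compared separately, and numerically rather than as strings.

```python
import csv
import io

# First fixed versions stated in the post, one per version numbering system.
# The keys "desktop" and "linux" are labels chosen for this example.
FIXED = {
    "desktop": (23, 0, 0, 205),
    "linux": (11, 2, 202, 643),
}

def parse_version(text):
    """Turn '23.0.0.185' into (23, 0, 0, 185); reject malformed input."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def status(product_line, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one installation."""
    fixed = FIXED.get(product_line)
    if fixed is None:
        return "unknown"
    try:
        installed = parse_version(version_text or "")
    except ValueError:
        return "unknown"  # needs manual review, do not assume patched
    # Tuple comparison is numeric per field, so x.99 sorts below x.205.
    return "patched" if installed >= fixed else "vulnerable"

def audit(inventory_csv):
    """Return {host: status} for CSV rows of host,product_line,version."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: status(r["product_line"], r["version"]) for r in reader}

# Constructed sample inventory (not real hosts).
SAMPLE = """host,product_line,version
ws-01,desktop,23.0.0.185
ws-02,desktop,23.0.0.205
ws-03,desktop,23.0.0.99
lx-01,linux,11.2.202.637
lx-02,linux,11.2.202.643
ws-04,desktop,unknown
"""

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(host, result)
```
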
