Sábado, 19 Agosto 2017
Ultimas noticias
Casa » Adobe issues emergency patch for exploited Flash zero-day

Adobe issues emergency patch for exploited Flash zero-day

27 Octubre 2016

The vulnerability, tracked as CVE-2016-7855 in the Common Vulnerabilities and Exposures database, is a use-after-free error that could lead to arbitrary code execution.

Adobe released today Flash Player version 23.0.0.205 that fixes a critical security flaw discovered by two Google engineers, which they say was used in attacks against Windows users in the wild.

Adobe said an attacker had deployed this vulnerability as part of targeted attacks against users running Windows versions 7, 8.1 and 10.

Adobe is advising folks to update Flash Player - as malware is right now exploiting a newly discovered hole in the internet's screen door to hijack Windows PCs. The Flash Player runtime bundled with Google Chrome and Microsoft Edge or Internet Explorer 11 on Windows 10 and 8.1 will be updated automatically through those browsers' update mechanisms. For Linux, the patched version is 11.2.202.643.

Adobe-Touch-Apps-Family-Logo

Adobe credits Neel Mehta and Billy Leonard from Google's Threat Analysis Group for reporting the exploit to the company.

Users and administrators of machines running Flash Player on Windows, MacOS, and Linux are being advised to update their software as soon as possible to avoid further attacks.

Security firm Trustwave recently reported that nearly 40 percent of the zero-day vulnerabilities identified in 2015 were in Flash Player and 80 percent of the new exploits added to widely used Web-based exploit kits were for Flash Player flaws.

Adobe issues emergency patch for exploited Flash zero-day