Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Emergency Patch Coming to Adobe Flash Tomorrow to Fix Bug Used in Live Attacks
#1
New Adobe Flash Player version arriving on April 7
 
Adobe is trying to raise awareness for a Flash security bug scheduled for release tomorrow, a vulnerability which the company claims it's actively exploited in real-world attacks.
 
The issue (CVE-2016-1019) affects Adobe Flash Player 21.0.0.197 and earlier versions, running on all platforms, Chrome OS, Linux, Mac, and Windows.
 
CVE-2016-1019 lets attackers hijack workstations
 
According to Adobe, successful exploitation of CVE-2016-1019 could lead to system crashes that can potentially allow attackers to run code on targeted machines. Depending on the attacker's technical abilities and experience, they could leverage the flaw to take over devices.
 
Current information reveals that this vulnerability has already been used on Windows XP and Windows 7 machines running Adobe Flash Player 20.0.0.306 and earlier.
 
Adobe says that security mitigation features introduced in Flash Player 21.0.0.182 make exploitation of this bug impossible on machines running recent Flash versions, but the vulnerability still exists in the Flash Player source code. The company plans to patch this issue with tomorrow's release.
 
A trio of researchers discovered and reported the bug
 
Adobe has credited three researchers for discovering the flaw. These are Kafeine (EmergingThreats/Proofpoint), Genwei Jiang (FireEye, Inc.), and Clement Lecigne (Google, Inc.).
 
It is highly recommended that users always run the latest version of the Adobe Flash Player. Additionally, to avoid any issues, Web browsers can automatically block the execution of Flash code, and allow the user to decide on a per-page basis where this can happen. This method ensures that Flash code is executed only on trusted sites, where there's a smaller chance (not impossible) of finding malicious content.
 
While many hope for "Flash to die," the technology is too widespread for it to be removed entirely. While modern technologies can successfully replace all of Flash's benefits, the technology is still needed on older, outdated systems, usually found in corporate or government networks.
 
Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Apple emergency updates fix 3 new zero-days exploited in attacks mrtrout 0 645 09-21-2023 , 10:02 PM
Last Post: mrtrout
  Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks mrtrout 0 804 10-11-2021 , 09:47 PM
Last Post: mrtrout
  Adobe issues emergency fix for file-munching bug sidemoon 0 1,290 03-26-2020 , 09:44 PM
Last Post: sidemoon
  Adobe Flash Player Update Released for Remote Code Execution Vulnerability tarekma7 0 1,644 11-22-2018 , 12:11 PM
Last Post: tarekma7
  Adobe Patch Tuesday Is Out With Fixes for Flash Player, Creative Cloud, Connect tarekma7 0 1,695 05-09-2018 , 12:18 AM
Last Post: tarekma7



Users browsing this thread: 3 Guest(s)