Adobe Patches Flash Flaw

Wednesday, November 2, 2016 @ 11:11 AM gHale


Adobe updated Flash Player to fix a vulnerability attackers have been exploiting.

The flaw (CVE-2016-7855) is a use-after-free issue an attacker can leverage for arbitrary code execution.

RELATED STORIES
Windows Zero Day in Play
LDAP Open for Attack
IoT Attack Scare: Is Industry Ready?
Dirty COW Zero-Day Patched

Neel Mehta and Billy Leonard from Google’s Threat Analysis Group reported the vulnerability.

Adobe said an exploit exists and has seen action in limited, but targeted attacks aimed at users running Windows 7, 8.1 and 10.

Adobe patched the vulnerability with the release of Flash Player 23.0.0.205 and 11.2.202.643 (Linux). The hole affects Flash Player 23.0.0.185 and earlier, and 11.2.202.637 and earlier for Linux.

Microsoft and Google will update Chrome, Internet Explorer 11 and Edge to fix the vulnerability.



Leave a Reply

You must be logged in to post a comment.