Adobe readies emergency patch for Flash zero-day bug exploited in the wild

ZDNet

Adobe has told users that an emergency patch is being prepared for a Flash zero-day vulnerability being exploited in the wild which can give attackers complete control. On Tuesday, the tech giant said in a security advisory that CVE-2016-1019, the zero-day security flaw, is a critical issue which affects Adobe Flash Player 21.0.0.197 and earlier. The Flash zero-day "could cause a crash and potentially allow an attacker to take control of the affected system" if exploited, according to Adobe. Adobe has received reports that the vulnerability is being actively exploited in the wild, which is bad news for users of older software. Until an update and fix is released to patch the flaw, anyone actively using Adobe Flash 21.0.0.197 and earlier is vulnerable to attack.


Adobe readies patch for Flash Player zero-day exploit found in attacker toolkits

ZDNet

Adobe is furiously working on a fix to patch up a vulnerability in Adobe Flash Player which is being actively exploited by cyberattackers to deliver malware. According to a security advisory released by the software giant on Tuesday, the zero-day vulnerability, CVE-2016-4117, is being used actively to compromise victim PCs. The critical vulnerability affects Windows, Mac, Linux and Chrome operating systems. Adobe says successful exploitation "could cause a crash and potentially allow an attacker to take control of the affected system." However, a patch to fix the problem will not be ready until May 12 as part of Adobe's monthly security update.


Adobe deploys emergency patch for Flash zero-day vulnerability

ZDNet

Adobe has released an emergency patch to fix a zero-day vulnerability actively being exploited in the wild. On Tuesday, Adobe warned that users should expect an out-of-schedule update which patches the bug CVE-2016-1019, a zero-day flaw which affects Adobe Flash Player. Users of Windows, Mac, Linux and Chrome operating systems are affected by the security flaw, which "could cause a crash and potentially allow an attacker to take control of the affected system," according to Adobe. The zero-day flaw is a type confusion vulnerability, but it does have limitations. The exploit works against Adobe Flash versions 20.0.0.306 and earlier, but will only cause a crash rather than full system compromise with Flash versions 21.0.0.182 and 21.0.0.197 thanks to mitigation processes added by Adobe in these more recent versions.


Adobe to issue emergency patch for Flash vulnerability

PCWorld

Adobe is working on an emergency patch for its Flash Player as attackers are reportedly exploiting a critical flaw. The vulnerability, CVE-2016-1019, affects Flash Player version 21.0.0.197 on Windows, Mac, Linux and Chrome OS, according to an advisory published on Tuesday. The flaw is being actively exploited on Windows XP and 7 systems running Flash Player versions 20.0.0.306 and earlier. "Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," it said. A mitigation in Flash Player version 21.0.0.182 and above prevents the vulnerability from being exploited, Adobe said.


Adobe scrambles to patch "critical" Flash zero-day flaw under attack

ZDNet

Adobe will take two days to push a critical patch to Flash, which is currently being used to launch attacks by hackers. The company said in a security advisory on Tuesday that it was "aware" of a report of an exploit in the wild, which the company said hackers could use for "limited, targeted attacks." A successful exploitation of the flaw could give an attacker full access to the affected system, it read. A patch is expected to land Thursday, leaving millions of machines vulnerable in the meantime. Kaspersky Lab, which was credited with finding the flaw, said in a blog post that it believes an advanced persistent threat (APT), a group dubbed ScarCruft, is behind the attacks.