Hackers exploit unpatched Flash Player vulnerability, Adobe warns

PCWorld

Adobe Systems is working on a patch for a critical vulnerability in Flash Player that hackers are already exploiting in attacks. In the meantime, the company has released other security patches for Reader, Acrobat, and ColdFusion. The Flash Player vulnerability is being tracked as CVE-2016-4117 and affects Flash Player versions 21.0.0.226 and earlier for Windows, OS X, Linux, and Chrome OS. Successful exploitation can allow attackers to take control of affected systems. "Adobe is aware of a report that an exploit for CVE-2016-4117 exists in the wild," the company said in an advisory published Tuesday.


Windows security: Google flags up new critical Adobe Flash Player flaw

ZDNet

Google told Adobe that an exploit for the bug is in the wild and is being used to attack machines running Windows 10, as well as Windows 7 and Windows 8.1. Software firm Adobe has rushed out a patch for a critical flaw in Flash Player, which Google's security researchers have discovered is being used to attack Windows. The bug, a use-after-free memory issue, was reported by members of Google's Threat Analysis Group. "These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system," Adobe said.


Adobe warns that hackers are exploiting its Flash software

Daily Mail - Science & tech

Adobe Systems Inc warned on Monday that hackers are exploiting vulnerabilities in its Flash multimedia software platform in web browsers, and the company urged users to quickly patch their systems to prevent such attacks. The warning came after cyber security firm Kaspersky Lab Inc said a group it was tracking, BlackOasis, used the previously unknown weakness on Oct. 10 to plant malicious software on computers before connecting them back to servers in Switzerland, Bulgaria and the Netherlands. Kaspersky said the malware, known as FinSpy or FinFisher, is a commercial product typically sold to nation states and law enforcement agencies to conduct surveillance. According to the researchers at Kaspersky Lab, the attack exploits a vulnerability in Adobe Flash to install the FinSpy malware (also known as FinFisher).


Hackers race to use Flash exploit before vulnerable systems are patched

ZDNet

State-backed hackers are looking to use the exploit before organisations have patched against it.


South Korea identifies Flash 0-day in the wild

ZDNet

Late last week, South Korea's CERT identified a use-after-free exploit that impacted Adobe Flash versions 28.0.0.137 and earlier and could allow for remote code execution across Windows, macOS, Linux, and Chrome OS.