Specifically, we will stop updating and distributing the Flash Player at the end of 2020 and encourage content creators to migrate any existing Flash content. This is the fourth zero day fixed by Adobe this year where active attacks are already underway before the availability of the vendor patch. Given this progress, and in collaboration with several of our technology partners including Apple, Facebook, Google, Microsoft and Mozilla, Adobe is planning to end-of-life Flash. The updated versions are below:

Currently, Adobe Flash is the favorite mechanism by which exploit kits and bad actors compromise a machine, and since this vulnerability is already weaponized and used in the wild, users should patch as soon as possible. It's a use-after-free issue, in which the software attempts to access memory after it has been freed, which can cause a program to crash or, in this case, can result in the execution of attacker-supplied code. Usually innocent users end up with malicious Flash content by clicking on bad links from e-mails, blogs, bulletin boards and other sources.

All platforms including Windows, Macintosh, Linux and Chrome OS are affected. The vulnerability (CVE-2016-7855) is triggered when the victim views malicious Adobe Flash content. If left unpatched, attackers can remotely take complete control of the machine. The vulnerability is currently being used in active attacks and therefore Adobe released this emergency fix. Adobe released APSB16-36 today to fix one 0-day vulnerability in Flash.