Patch Adobe Flash Now Exploit Detected in the Wild
Adobe has issued patches for Flash to address multiple vulnerabilities, including a use-after-free zero-day flaw in the in the ActionScript 3 ByteArray (CVE-2015-5119), which could allow a remote attacker to execute arbitrary code on a targeted system.
“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” an advisory states.
“Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published.”
The vulnerability was discovered along with other proof-of-concept exploits in data that was leaked in the recent Hacking Team breach, a company known to sell communication interception and surveillance tools.
Figure A shows a sample post made to the Hacking Team Twitter account.
Flash Player versions 9.0 through version 18.104.22.168 are impacted by the vulnerability, which can allow attacker-controlled memory corruption in a targeted system.
Adobe recommends users apply the updates immediately:
Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 22.214.171.124 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted.
Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 126.96.36.1992 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 188.8.131.521 by visiting the Adobe Flash Player Download Center.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 184.108.40.206 on Windows and Macintosh, and Flash Player 220.127.116.11 on Linux.
Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 18.104.22.168.
The post Patch Adobe Flash Now – Exploit Detected in the Wild appeared first on Darkmatters.