Patch Adobe Flash Now Exploit Detected in the Wild
Adobe has issued patches for Flash to address multiple vulnerabilities, including a use-after-free zero-day flaw in the in the ActionScript 3 ByteArray (CVE-2015-5119), which could allow a remote attacker to execute arbitrary code on a targeted system.
“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” an advisory states.
“Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published.”
The vulnerability was discovered along with other proof-of-concept exploits in data that was leaked in the recent Hacking Team breach, a company known to sell communication interception and surveillance tools.
Figure A shows a sample post made to the Hacking Team Twitter account.
Flash Player versions 9.0 through version 126.96.36.199 are impacted by the vulnerability, which can allow attacker-controlled memory corruption in a targeted system.
Adobe recommends users apply the updates immediately:
Adobe recommends users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh update to Adobe Flash Player 188.8.131.52 by visiting the Adobe Flash Player Download Center or via the update mechanism within the product when prompted.
Adobe recommends users of the Adobe Flash Player Extended Support Release update to version 184.108.40.2062 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.
Adobe recommends users of Adobe Flash Player for Linux update to Adobe Flash Player 220.127.116.111 by visiting the Adobe Flash Player Download Center.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 18.104.22.168 on Windows and Macintosh, and Flash Player 22.214.171.124 on Linux.
Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 126.96.36.199.
The post Patch Adobe Flash Now – Exploit Detected in the Wild appeared first on Darkmatters.