Another emergency patch fixes 'critical' Flash player flaw

Adobe say the update will patch a significant vulnerability affecting Windows users

Adobe Flash hit with zero day vulnerability again

Adobe has warned its customers to update Flash player software immediately, following the discovery of a 'critical' flaw that has already been exploited by malware.

The emergency security update released yesterday aims to fix a single vulnerability designated 'CVE-2016-7855'. This use-after-free memory flaw allows hackers to gain full remote access to a system when the user views a harmful flash-media file.

"Adobe is aware of a report that an exploit exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," said Adobe in a blog post.

A security update has also been released as a precaution for macOS, Linux and ChromeOS operating systems.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Google Threat Analysis Group researchers Neel Mehta and Billy Leonard first spotted the flaw and reported it to Adobe, however an update could not be released before exploits had found their way onto user systems.

Adobe has recommended users update to the latest versions of Flash player, which will fix the flaw and prevent future attacks.

Desktop Flash software, as well as Flash players on Chrome, Microsoft Edge and Internet Explorer 11, using versions 23.0.0.185 and under, are vulnerable to the latest exploit.

Linux users on 11.2.202.637 and under should also update to the latest security patch.

The latest patch follows a similar 'critical' security patch that dropped earlier this month, as Adobe worked to fix 12 significant vulnerabilities affecting use-after-free memory flaws.

These latest security concerns will likely further justify calls from the security community to abandon the Flash player in favour of a more reliable and secure HTML5 format. Many high profile companies, such as Apple, have blocked older unfsafe versions of flash, however some have abandoned the buggy plugin completely.

Advertisement - Article continues below

Following an announcement in May, Google Chrome will begin auto-defaulting to HTML5 format on all but 10 high-traffic websites, such as YouTube and Facebook, by the end of the year.

Browser provider Mozilla announced in July that it would begin slowly blocking Flash content entirely on its Firefox platform, replacing it with HTML by 2017.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/business-strategy/34599/adobe-shuts-down-service-to-venezuela
Business strategy

Adobe shuts down service to Venezuela

9 Oct 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020