Another emergency patch fixes 'critical' Flash player flaw

Adobe say the update will patch a significant vulnerability affecting Windows users

Adobe Flash hit with zero day vulnerability again

Adobe has warned its customers to update Flash player software immediately, following the discovery of a 'critical' flaw that has already been exploited by malware.

The emergency security update released yesterday aims to fix a single vulnerability designated 'CVE-2016-7855'. This use-after-free memory flaw allows hackers to gain full remote access to a system when the user views a harmful flash-media file.

Advertisement - Article continues below

"Adobe is aware of a report that an exploit exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10," said Adobe in a blog post.

A security update has also been released as a precaution for macOS, Linux and ChromeOS operating systems.

Google Threat Analysis Group researchers Neel Mehta and Billy Leonard first spotted the flaw and reported it to Adobe, however an update could not be released before exploits had found their way onto user systems.

Adobe has recommended users update to the latest versions of Flash player, which will fix the flaw and prevent future attacks.

Desktop Flash software, as well as Flash players on Chrome, Microsoft Edge and Internet Explorer 11, using versions 23.0.0.185 and under, are vulnerable to the latest exploit.

Linux users on 11.2.202.637 and under should also update to the latest security patch.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The latest patch follows a similar 'critical' security patch that dropped earlier this month, as Adobe worked to fix 12 significant vulnerabilities affecting use-after-free memory flaws.

These latest security concerns will likely further justify calls from the security community to abandon the Flash player in favour of a more reliable and secure HTML5 format. Many high profile companies, such as Apple, have blocked older unfsafe versions of flash, however some have abandoned the buggy plugin completely.

Following an announcement in May, Google Chrome will begin auto-defaulting to HTML5 format on all but 10 high-traffic websites, such as YouTube and Facebook, by the end of the year.

Browser provider Mozilla announced in July that it would begin slowly blocking Flash content entirely on its Firefox platform, replacing it with HTML by 2017.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/mobile/mobile-security/355889/parachute-introduces-superlock-feature
mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020
Visit/security/ethical-hacking/355860/developer-scores-100000-bounty-from-apple-for-exposing-a-critical
ethical hacking

Developer scores $100,000 bounty from Apple for exposing a critical vulnerability

1 Jun 2020
Visit/security/hacking/355854/hackers-wreaking-havoc-on-googles-cloud-infrastructure
hacking

Hackers are wreaking havoc on Google’s Cloud infrastructure

1 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020

Most Popular

Visit/server-storage/network-attached-storage-nas/355849/western-digital-sneaked-inferior-smr-tech-into
network attached storage (NAS)

Western Digital accused of sneaking inferior SMR tech into NAS drives

1 Jun 2020
Visit/security/data-breaches/355777/easyjet-faces-class-action-lawsuit-over-data-breach
data breaches

EasyJet faces class-action lawsuit over data breach

26 May 2020
Visit/operating-systems/microsoft-windows/355812/microsoft-warns-against-installing-windows-10-may-2020
Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020