Adobe Flash Vulnerable Again; Issues Emergency Patch
Posted by: Timothy Weaver on 12/29/2015 10:41 AM
[
Comments
]
Adobe released an out-of-band security update on Monday to address multiple vulnerabilities rated as critical in its Flash Player. One (CVE-2015-8651) is currently being exploited in targeted attacks.
The software updates apply to all platforms and could allow a hacker to take control of ones system.
Adobe provided the following details on the vulnerabilities in a security bulletin posted Monday afternoon:
• These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8644).
• These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).
• These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).
• These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).
Adobe did not go into details of the attacks exploiting CVE-2015-8651, other than describing them as “limited, targeted attacks”.
You can get the updates by going to the security bulletin for instructions.
Source: SecurityWeek
The software updates apply to all platforms and could allow a hacker to take control of ones system. Adobe provided the following details on the vulnerabilities in a security bulletin posted Monday afternoon:
• These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8644).
• These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).
• These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).
• These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).
Adobe did not go into details of the attacks exploiting CVE-2015-8651, other than describing them as “limited, targeted attacks”.
You can get the updates by going to the security bulletin for instructions.
Source: SecurityWeek
Comments
