Adobe Flash Vulnerable Again; Issues Emergency Patch

Adobe released an out-of-band security update on Monday to address multiple vulnerabilities rated as critical in its Flash Player. One (CVE-2015-8651) is currently being exploited in targeted attacks.

The software updates apply to all platforms and could allow a hacker to take control of ones system.

Adobe provided the following details on the vulnerabilities in a security bulletin posted Monday afternoon:

• These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8644).

• These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).

• These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).

• These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).

Adobe did not go into details of the attacks exploiting CVE-2015-8651, other than describing them as “limited, targeted attacks”.

You can get the updates by going to the security bulletin for instructions.

Source: SecurityWeek