HITB GSEC Singapore (August 21st - 25th)
Register Online Now!
Adobe will take two days to push a critical patch to Flash, which is currently being used to launch attacks by hackers.
The company said in a security advisory on Tuesday that it was "aware" of a report for an exploit in the wild, which the company said hackers could use for "limited, targeted attacks." A successful exploitation of the flaw could let an attacker full access to the affected system, it read.
Adobe Systems this week rushed out an emergency patch to plug a security hole in its widely-installed Flash Player software, warning that the vulnerability is already being exploited in active attacks.
Adobe said a “critical” bug exists in all versions of Flash including Flash versions 18.104.22.168 and lower (older) across a broad range of systems, including Windows, Mac, Linux and Chrome OS. Find out if you have Flash and if so what version by visiting this link.
Adobe has issued an emergency update for its Flash media player that patches almost two dozen critical vulnerabilities, including one that's being maliciously exploited in the wild.
"These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system," Adobe officials wrote in an advisory published Thursday. "Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks." The notice advises Flash users to install the update as soon as possible.
Flash is finally dead. Well, the name is, anyway.
The platform that was until yesterday known as Adobe Flash Professional CC is now Adobe Animate CC. What does that mean? According to an Adobe statement announcing the change, it’s part of an ongoing commitment to “evolve to support multiple standards,” specifically HTML5. In practice, though, the answer is: not much. Meet the new Flash, same as the old Flash, and still a security-addled, closed-off mess.
Adobe has fixed a series of security vulnerabilities in Flash Player
The company said in an advisory Tuesday that the updates will address security flaws that "could potentially allow an attacker to take control of the affected system." The patches aim to fix flaws that could lead to code execution -- in other words, allowing an attacker to run malicious code.