Flash Zero-Day Exploit Has Been Patched By Adobe

Adobe has patched vulnerabilities in nine of its products that were affected by a zero-day flaw. Adobe has released an emergency Flash Player update which includes a patch for the vulnerability. Flash Player version 24.0.0.186 resolves a total of 17 vulnerabilities that could be exploited to execute arbitrary code. The most notable of the security holes fixed by the update is a severe vulnerability tracked as CVE-2016-7892. CVE-2016-7855 was privately disclosed by Billy Leonard and Neel Mehta of the Google Threat Analysis Group. Neel Mehta was one of the researchers credited with finding and disclosing the Heartbleed vulnerability in 2014.

Heartbleed was one of a string of Internet-wide vulnerabilities disclosed in 2014 and 2015. The vulnerability was found in OpenSSL and allowed an attacker to read memory from encrypted sessions.

The vulnerability affects the Linux, Mac, and Windows desktop versions of Flash 23.0.0.185 and earlier, for all web browsers on Windows 8.1 and 10. Adobe confirmed the existence of exploit code for CVE-2016-7892 that has been used in targeted attacks against Windows users running 32-bit IE. The flaw was reported to Adobe by an individual who remains anonymous. The remaining Flash Player vulnerabilities were reported by experts and independent researchers from multiple organizations, including Tencent, Pangu LAB, Qihoo 360, Microsoft, Palo Alto Networks, Trend Micro's Zero Day Initiative and many more.

Adobe has also issued another security update that patches vulnerabilities in other products such as Experience Manager Forms, Animate, InDesign, DNG Converter, RoboHelp, Digital Editions and more. The patched flaws include one cross-site request forgery and three XSS flaws in Experience Manager, information disclosure bugs in Digital Editions and ColdFusion Builder, a memory corruption flaw in InDesign, and an XSS flaw in RoboHelp.

According to the software giant, there is no evidence that any of the vulnerabilities has been exploited widely. The patches released by Adobe in the past three months did not address any zero-days, but the company did release an out-of-band patch for Adobe Flash Player in late October to fix a use-after-free flaw that was exploited in a low-volume spear-phishing campaign by a Russian-linked threat actor also known as APT28, Pawn Storm, Fancy Bear, Sofacy, Sednit and Tsar Team.
