Flash Hit by Another Zero-Day Vulnerability
Ashley Allen / 3 years ago
Like a sailor, desperately panning water out of a sinking ship, Adobe has released an out-of-bound patch for yet another zero-day vulnerability in its Flash Player software. Versions of Flash affected by the vulnerability are those released on 11th October and earlier, from version 126.96.36.199 (or version 188.8.131.527 on Linux).
“The vulnerability is a use-after-free vulnerability that has been designated CVE-2016-7855,” reports Trend Micro. “An attacker could use a malicious Flash file to run malicious code on a user’s system, allowing various threats to be planted on the affected system. The bulletin noted that the vulnerability has been exploited in “limited, targeted attacks” against Windows users.”
“Adobe has released a Flash update which fixes this vulnerability,” Trend Micro explains. “This update brings the current version of Flash to 184.108.40.206. The built-in update mechanism of Flash will either automatically install the update or prompt the user to do so. The versions of Flash that are integrated into Google Chrome and Microsoft Edge/Internet Explorer will receive updates via the update mechanisms of those browsers. For Adobe Flash Player for Linux, the current version is 220.127.116.113.”
If you are still using Flash, then you should update the software immediately, then make a sacrificial offering to the Gods of HTML5.