Adobe issues emergency patch for critical Flash vulnerabilities
by Rob Wright from searchsecurity.techtarget.com
Published: 30 Dec 2015
Just weeks after its biggest security update of the year, Adobe issued emergency patches for a new round of Flash bugs, including one already being exploited by attackers.
Adobe this week released a series of emergency patches for Flash vulnerabilities, including a critical vulnerability that is already being exploited in the wild.
The emergency patches address a total of 19 Flash vulnerabilities, the most pressing of which involves an integer overflow vulnerability that Adobe said could allow attackers to execute code. Adobe acknowledged that the vulnerability, identified as CVE-2015-8651, has already been leveraged by attackers.
"Adobe is aware of a report that an exploit for CVE-2015-8651 is being used in limited, targeted attacks," the company wrote on its security blog. "Adobe recommends users update their product installations to the latest version using the instructions referenced in the security bulletin."
Initial news reports said CVE-2015-8651 was reported to Adobe by Kai Wang and Hunter Gao of the Chinese networking firm Huawei, which has come under fire in recent years for its close ties to the Chinese government. However, a subsequent update to the Flash security bulletin removed the acknowledgement for CVE-2015-8651 and any mention of Wang and Gao. No explanation was given by Adobe for the removal.
The emergency patches for Flash in this week's security bulletin also cover a type confusion vulnerability, four memory corruption vulnerabilities and 13 use-after-free vulnerabilities. Like the CVE-2015-8651 vulnerability, all 18 could allow code execution.
This week's patches cap off a difficult year in which security experts and technology professionals have renewed their calls for Adobe to kill Flash once and for all. In October, Adobe released an emergency patch for Flash vulnerabilities that were being exploited in a series of attacks on foreign ministries. And over the summer, officials from Facebook and Mozilla issued scathing rebukes of Adobe after another out-of-band security update was issued following the discovery of more Flash vulnerabilities in the Hacking Team data breach.
In addition, this week's emergency patches come just three weeks after Adobe issued its largest security update of the year, which addressed a total of 79 critical vulnerabilities. With Adobe's recent decisions to support HTML5 development and to rename Flash Professional CC as Animate CC, security experts have speculated that the end of Flash may be coming sooner rather than later.