Adobe issues emergency patch for critical Flash vulnerabilities
by Rob Wright from searchsecurity.techtarget.com
Published: 30 Dec 2015
Just weeks after its biggest security
update of the year, Adobe issued emergency patches for a new round of Flash
bugs, including one already being exploited by attackers.
Adobe this week released a series of emergency patches
for Flash vulnerabilities, including a critical vulnerability that is already
being exploited in the wild.
The emergency patches address a total of 19 Flash
vulnerabilities, the most pressing of which involves an integer overflow
vulnerability that Adobe said could allow attackers to execute code. Adobe
acknowledged that the vulnerability, identified as CVE-2015-8651,
has already been leveraged by attackers.
"Adobe is aware of a report that an exploit for
CVE-2015-8651 is being used in limited, targeted attacks," the company
wrote on its security blog.
"Adobe recommends users update their product installations to the latest
version using the instructions referenced in the security bulletin."
Initial news reports said CVE-2015-8651 was reported to
Adobe by Kai Wang and Hunter Gao of the Chinese networking firm Huawei, which
has come under fire in recent years for its close
ties to the Chinese government. However, a subsequent update to the Flash
security bulletin removed the acknowledgement for CVE-2015-8651 and
any mention of Wang and Gao. No explanation was given by Adobe for the removal.
The emergency patches for Flash in this week's security
bulletin also cover a type confusion vulnerability, four memory corruption
vulnerabilities and 13 use-after-free vulnerabilities. Like the CVE-2015-8651
vulnerability, all 18 could allow code execution.
This week's patches cap off a difficult year in which
security experts and technology professionals have renewed their calls for
Adobe to kill Flash once and for all. In October, Adobe released an emergency
patch for Flash vulnerabilities that were being exploited in a
series of attacks on foreign ministries. And over the summer, officials from
Facebook and Mozilla issued scathing
rebukes of Adobe after another out-of-band security update was
issued following the discovery of more Flash vulnerabilities in the Hacking Team
data breach.
In addition, this week's emergency patches come just
three weeks after Adobe issued its largest security update of the year, which
addressed a total of 79 critical
vulnerabilities. With Adobe's recent decisions to support HTML5
development and to rename Flash Professional CC as Animate CC, security experts
have speculated that the end of Flash
may be coming sooner rather than later.
=============================================== Good Netiquette And A Green Internet To All!
==============================================
Great
Reasons for Purchasing Netiquette IQ
·
Get more
email opens. Improve 100% or more.
·
Receive
more responses, interviews, appointments, prospects and sales.
·
Be better
understood.
·
Eliminate
indecision.
·
Avoid
being spammed 100% or more.
·
Have
recipient finish reading your email content.
·
Save time
by reducing questions.
·
Increase
your level of clarity.
·
Improve
you time management with your email.
·
Have
quick access to a wealth of relevant email information.
Enjoy
most of what you need for email in a single book.
=====================================================
**Important note** - contact our sister company for very powerful solutions for network, security and systems management!
www.tabularosa.net
In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has also been published. You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and have been a contributor to numerous blogs and publications.
Lastly, I
am the founder and president of Tabula
Rosa Systems, a company that provides “best of breed” products for network,
security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT
product information for virtually anyone.
==============================================
No comments:
Post a Comment