Adobe Flash Player 21.0.0.182 Released to Fix Security Bug Used in Live Attacks


Adobe Systems has released new versions of Flash Player to fix 18 dangerous vulnerabilities that can be exploited to take control of PCs, including one flaw that attackers have already targeted.

The company stated in a security advisory that "Adobe is aware of a report that an exploit for CVE-2016-1010 is being used in limited, targeted attacks". Researchers at Kaspersky Lab, an antivirus firm, told Adobe that the flaw stems from a mass overflow condition.

CVE-2016-0993, CVE-2016-0963 and CVE-2016-1010 are security vulnerabilities that enable attackers to launch malicious code on a victim's PC by taking advantage of an integer overflow in how a few internal Flash functions operate. The fixes for CVE-2016-0961, CVE-2016-0960, CVE-2016-0962, CVE-2016-0989, CVE-2016-0986 and CVE-2016-1005 resolve vulnerabilities related to memory corruption.

CVE-2016-1001 fixes a pile of overflow-related problems. All 18 bugs allow Remote Code Execution (RCE), a very dangerous condition that a skilled attacker can exploit to take control of the targeted devices. Softpedia.com reported on March 10th, 2016, that a good number of these bugs were discovered by security researchers at many companies, such as Alibaba, Google, Microsoft, HP, Venustech ADLAB, Tencent and NSFOCUS.

Adobe has also released version 21.0.0.176 of AIR Desktop Runtime, AIR SDK & Compiler, AIR SDK and AIR for Android. Adobe recommends that users update their Flash Player installations to version 11.2.202.577 for Linux, and version 21.0.0.182 for Windows or Mac. The Flash Player extended support release has also been upgraded to version 18.0.0.133.

Flash Player vulnerabilities are a regular target for Web-based, drive-by download exploits. Users' browsers should be configured to require confirmation before running plug-in-based content, such as Flash. This feature is usually known as click-to-play.

Two days before the Flash update was released, Adobe released version 4.5.1 of Adobe Digital Editions to address a security issue, and also patched three security bugs in Adobe Reader and Adobe Acrobat. The new versions of these software packages are Adobe Reader 11.0.15 and Adobe Acrobat 15.010.20060.

You can get the latest Adobe Flash Player version from Adobe's website or from Softpedia's download mirrors for Windows, Linux and Mac operating systems.

» SPAMfighter News - 3/17/2016
