Adobe Flash Player 21.0.0.182 Released to Fix Security Bug Used in Live Attacks

starbuck

Adobe's Flash Player update has been late this time around, but it's here now, and users have a good reason to upgrade since one of the 18 security holes plugged during this month's release is an issue used in real-world malware attacks.

In its security newsletter, the company admits that it's aware that "an exploit exists for CVE-2016-1010," which Kaspersky Labs discovered being used in the wild.

CVE-2016-1010, CVE-2016-0963 and CVE-2016-0993 are security vulnerabilities that allow attackers to launch malicious code on the target's computer by exploiting an integer overflow in how some internal Flash functions operate.

Flash team has been quite busy this month

Besides the aforementioned issues, Adobe has also patched other problems. More exactly, bugs with the CVE identifiers CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, and CVE-2016-1000 fix use-after-free vulnerabilities.

The ones with CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, and CVE-2016-1005 resolve memory corruption vulnerabilities.

CVE-2016-1001 fixes a heap overflow problem. All 18 bugs lead to the same thing, which is remote code execution (RCE), a highly dangerous state that, if exploited by a skilled attacker, can allow them to take control of targeted devices.

Most of these bugs were reported by security researchers working in security departments for multiple companies, such as Google, Alibaba, HP, Microsoft, Tencent, Venustech ADLAB, and NSFOCUS.

Acrobat and Reader have also received security fixes

Two days before releasing this Flash update, Adobe also addressed a security issue by releasing Adobe Digital Editions version 4.5.1 and also patched up three security bugs in Adobe Acrobat and Adobe Reader. The new and up-to-date versions of these software packages are now Adobe Acrobat 15.010.20060 and Adobe Reader 11.0.15.



Source:
http://news.softpedia.com/news/adob...ecurity-bug-used-in-live-attacks-501582.shtml


Note:
The latest Adobe versions are always available on this site from: Here
 