
Adobe issued the updates for 11 Critical Vulnerabilities


Adobe released security updates for Adobe Flash Player to fix 11 Critical Vulnerabilities, most of them Remote Code Execution flaws.

Adobe has issued a critical update for the Flash Player product that fixes a set of 11 critical security vulnerabilities in its software. The update is classified as critical because most of the security flaws could be exploited by a threat actor to remotely execute arbitrary code on a targeted machine.

A look at the list of vulnerabilities fixed by the update shows that nine flaws are Remote Code Execution vulnerabilities. In a classic attack scenario, the attack chain could start with a specially crafted Flash file served through a phishing campaign. Attackers could use that file to trigger the vulnerabilities and execute arbitrary code on the victim’s PC.

The complete list of all the patched vulnerabilities is reported below:

  • CVE-2014-0332 — Remote code execution via memory corruption vulnerability.
  • CVE-2015-0333 — Remote code execution via memory corruption vulnerability.
  • CVE-2015-0334 — Remote code execution from type confusion vulnerability.
  • CVE-2015-0335 — Remote code execution via memory corruption vulnerability.
  • CVE-2015-0336 — Remote code execution from type confusion vulnerability.
  • CVE-2015-0337 — A ‘cross domain policy bypass’ flaw.
  • CVE-2015-0338 — Remote code execution from integer overflow vulnerability.
  • CVE-2015-0339 — Remote code execution via memory corruption vulnerability.
  • CVE-2015-0340 — A ‘File upload restriction bypass’ flaw.
  • CVE-2015-0341 — Remote code execution from a ‘use-after-free’ vulnerability.
  • CVE-2015-0342 — Remote code execution from a ‘use-after-free’ vulnerability.

The vulnerabilities affect all versions prior to the latest version 17.0.0.134 of the Flash Player running on Windows and Mac OS X systems.


Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to version 17.0.0.134.

“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.” states the Adobe Security Advisory Bulletin.

The security bulletin also reports that Adobe Flash Player 11.2.202.442 for Linux and Flash Player Extended Support Release 13.0.0.269 for Windows and Mac OS X are affected by the vulnerabilities fixed by the update.
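A plain "older than 17.0.0.134" comparison flags every build on the Extended Support Release and Linux branches, whether or not it has been updated, so a fleet check needs to be branch-aware. The following is an added example, not code from Adobe or from this article; the inventory rows are constructed, and it assumes that builds at or below the affected build named for a branch are vulnerable, while newer builds on that branch must be verified against the bulletin because the article does not give their fixed versions.

```python
# Added example: branch-aware triage of installed Flash Player builds using
# only the version numbers named in the article.

FIXED_MAINLINE = (17, 0, 0, 134)    # latest version named in the article
AFFECTED_ESR = (13, 0, 0, 269)      # Extended Support Release, Windows / Mac OS X
AFFECTED_LINUX = (11, 2, 202, 442)  # Linux build named as affected


def parse(version):
    """Turn '16.0.0.305' into (16, 0, 0, 305); reject malformed strings."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {version!r}")
    return tuple(int(p) for p in parts)


def triage(platform, version):
    """Return 'patched', 'vulnerable' or 'verify' for one installed build."""
    v = parse(version)
    if v >= FIXED_MAINLINE:
        return "patched"
    if platform == "linux":
        branch, affected = (11, 2), AFFECTED_LINUX
    else:
        branch, affected = (13, 0), AFFECTED_ESR
    if v[:2] == branch:
        # Assumption: at or below the named affected build means vulnerable;
        # a newer build on the same branch may be the fix, so check the bulletin.
        return "vulnerable" if v <= affected else "verify"
    return "vulnerable"  # mainline build older than 17.0.0.134


# Constructed sample inventory: (host, platform, installed version)
INVENTORY = [
    ("ws-014", "windows", "16.0.0.305"),
    ("ws-022", "windows", "17.0.0.134"),
    ("mac-03", "mac", "13.0.0.269"),
    ("mac-07", "mac", "13.0.0.280"),
    ("lnx-01", "linux", "11.2.202.442"),
]


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(platform, ver) for host, platform, ver in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:8} {status}")
```

Hosts reported as `verify` are the ones a naive comparison would misclassify; resolve them against the fixed versions listed in the Adobe bulletin.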

The good news is that Adobe confirmed that none of the vulnerabilities are being publicly exploited in the wild. Even so, security experts fear an escalation of attacks exploiting the above flaws after the release of the update. In the criminal ecosystem, it is common to see a spike in the number of attacks targeting recently fixed vulnerabilities, aimed at vulnerable machines that have not yet been patched.

The update released by Adobe comes a few days after Apple and Microsoft released updates for their products to patch the FREAK encryption-downgrade flaw.

Don’t waste time: if you are running Adobe Flash Player on your system, update it!

Pierluigi Paganini

(Security Affairs –  Adobe, critical update)