Adobe Preps Zero-Day Flash Patch

Published: 22/11/2024   Category: security




Vulnerability is being actively exploited in the wild, has already been patched in Chrome.



Adobe said it will issue an emergency patch for Flash Wednesday in response to a zero-day vulnerability that attackers are actively exploiting. At least one of the bugs to be patched allows attackers to crash or even take control of a user's system.
"There are reports that one of these vulnerabilities (CVE-2011-2444) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message," said Wiebke Lips, senior manager for corporate communications at Adobe, via email. This universal cross-site scripting issue could be used to take actions on a user's behalf on any website or webmail provider if the user visits a malicious website.
Adobe's Wednesday update will patch critical vulnerabilities in Adobe Flash Player (version 10.3.183.7 and earlier) on Windows, Macintosh, Linux, and Solaris, as well as Adobe Flash Player (version 10.3.186.6 and earlier) for Android. An Adobe security bulletin, to be released Wednesday, will have more details about the bugs, as well as a link to patches.
Lips said that some of the vulnerabilities to be fixed in Flash Player were already addressed for Adobe Reader and Acrobat in the security update Adobe released earlier this month. Furthermore, she said, the authplay.dll component that provides Flash functionality for Reader and Acrobat 10.1 (and earlier) and 9.x versions isn't susceptible to the zero-day bug that's being actively exploited by attackers.
On Tuesday, the latest version of Google Chrome (14.0.835.186 for Windows, Mac, Linux, and Chrome Frame), which contains a fix for the zero-day vulnerability, was automatically distributed to users via Chrome's auto-updating mechanism. That continues Adobe's usual practice of releasing Flash fixes early to Google, which integrates and tests the patches with Chrome. Adobe does the same with the roughly 60 other combinations of platforms and configurations for which Flash Player is available, which typically takes a day or two longer than Google's process.
Security experts recommend applying the Flash patch as soon as it becomes available. "Serious stuff, and every Internet user (well, those who use Flash--so owners of iPhones and iPads can relax) would be wise to ensure that they update their computers as soon as possible once the patch is released," said Graham Cluley, senior technology consultant at Sophos, in a blog post.
In other vulnerability news, Cisco on Tuesday disclosed that the database used by Cisco Identity Services Engine contains default credentials that can't be altered. A remote attacker could use those credentials to modify the device configuration and settings or gain complete administrative control of the device, according to Cisco's security bulletin.
There are no ways to mitigate this vulnerability, which scores a 10 (most critical) on the 10-point CVSS vulnerability scale. Cisco plans to push a free update on September 30 that will patch the bug.