Adobe released a new Flash today Player στην έκδοση 23.0.0.205 που διορθώνει ένα κρίσιμο ελάττωμα ασφαλείας που ανακαλύφθηκε από δύο ερευνητές της Google. The fault usesin attacks against Windows users.
The technical description of the vulnerability is "use-after-free vulnerability that could lead to arbitrary code execution", and Adobe encoded it with the ID CVE-2.016-7855.
Researchers Neel Mehta and Billy Leonard from the team Google's threat analysis team reported that the CVE-2016-7855 vulnerability appears to be used in limited, targeted attacks, especially by cyber-espionage groups.
Adobe Flash is embedded in the Edge browser and recent versions of IE, so the next Windows security update will also update Flash automatically. Chrome also has built-in Flash and a Chrome update to its latest version will fix the problem.
The users other browsers will need to download the update and install it. The same goes for Linux and Mac users.
At the moment, neither Google nor Microsoft has released security bulletins that fix the problem, but because of the severity of the vulnerability, we will probably hear news very soon.