Adobe released today a new Flash Player in the version 23.0.0.205 που διορθώνει ένα κρίσιμο ελάττωμα ασφαλείας που ανακαλύφθηκε από δύο ερευνητές της Google. Το ελάττωμα χρησιμοποιείται σε επιθέσεις εναντίον χρηστών των Windows.
The technical description of the vulnerability is: “use-after-free vulnerability that could lead to arbitrary implementation code,” and Adobe encoded it with the identifier CVE-2.016-7855.
Researchers Neel Mehta and Billy Leonard from Google's threat analysis team reported that the CVE-2016-7855 vulnerability appears to be used in limited, targeted attacks, especially by cyber-espionages.
Adobe Flash is embedded in the Edge browser and recent versions of IE, so the next Windows security update will also update Flash automatically. Chrome also has built-in Flash and a Chrome update to its latest version will fix the problem.
The users άλλων προγραμμάτων browsing they should download the update and install it. The same goes for Linux and Mac users.
At the moment, neither Google nor Microsoft has released security bulletins that fix the problem, but because of the severity of the vulnerability, we will probably hear news very soon.
