Adobe today released a new Flash Player in version 23.0.0.205 that fixes a critical security flaw discovered by two of its researchers google. The fault usesin attacks against users of Windows.
Η technique περιγραφή της ευπάθειας είναι: “use-after-free ευπάθεια που θα μπορούσε να οδηγήσει σε αυθαίρετη εκτέλεση κώδικα,” και η Adobe την κωδικοποίησε με το αναγνωριστικό CVE-2.016-7855.
Researchers Neel Mehta and Billy Leonard from the team Google's threat analysis team reported that the CVE-2016-7855 vulnerability appears to be used in limited, targeted attacks, especially by cyber-espionage groups.
Adobe Flash is built into the browser Edge and recent versions of IE, so the next Windows security update will also update Flash automatically. Chrome also has Flash built in, and updating Chrome to its latest version will fix the problem.
Users of other browsers should download the update and install it. The same applies to Linux and Mac users.
At the moment, neither Google nor Microsoft has released security bulletins that fix the problem, but because of the severity of the vulnerability, we will probably hear news very soon.