Use-after-free vulnerability in Adobe Flash Player prior to 23.0.0.205 on Windows and OS X and prior to 11.2.202.643 on Linux allows remote malicious users to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe flash_player |
||
redhat enterprise linux desktop 6.0 |
||
redhat enterprise linux desktop 5.0 |
||
redhat enterprise linux workstation 6.0 |
||
redhat enterprise linux server 5.0 |
||
redhat enterprise linux server 6.0 |
||
redhat enterprise linux workstation 5.0 |
Security flaw will be fixed next week, says Redmond exec
Microsoft has not responded well to Google's bug grenade, accusing the ad giant of screwing over netizens and getting its facts wrong. "We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," Microsoft said in a statement. It then disputed Google's claims about the seriousness of the hole. "We disagree with Google's characterization of a local elevation of privilege as 'critical' and 'particularly serious,' since the attack scenario...
Even Adobe pushed its patch faster than Windows giant
Google has slung a grenade at Microsoft by disclosing a Windows vulnerability before Redmond has a patch ready. The bug can be exploited by malware on a machine to gain administrator-level access. According to this blog post by Neel Mehta and Billy Leonard of the Chocolate Factory's Threat Analysis Group, the reason for going public is simple: they've seen exploits for the bug in the wild so something has to be done now, like right now. Google describes the vulnerability, CVE-2016-7855, as: The ...
Windows folks – how can we say this? UPDATE ASAP
Adobe is advising folks to update Flash Player – as malware is right now exploiting a newly discovered hole in the internet's screen door to hijack Windows PCs. The emergency patch addresses a single vulnerability, CVE-2016-7855. The use-after-free() programming blunder allows an attacker to achieve remote code execution when the user views a specially crafted Flash media file. The vulnerability was discovered and reported to Adobe by Neel Mehta and Billy Leonard from the Google Threat Analysi...