On Tuesday Adobe issued an emergency patch in order to fix a Flash Player flaw CVE-2104-8439 that was fixed last month but got exploited again. Adobe added “mitigation” for the vulnerability.
The new versions are available for:
- Windows – 126.96.36.199
- Mac OS – 188.8.131.52
- Linux – 184.108.40.2064
Users of Adobe Flash Player are recommended to update to the latest version immediately. IE10 and IE11 on Windows 8.x will automatically update the currently used versions of Flash. The same goes for Chrome. As you download the latest versions of Flash from the official homepage, make sure to check for any potentially unwanted add-ons (for example McAfee Security Scan) during the installation process.
The flaw can be used for malware installation on the compromised machine. The Adobe team stated that the update will provide extra hardening against CVE-2104-8439.
Software versions of Adobe Flash Player affected by the bug:
- 220.127.116.11 and earlier
- Earlier 13.x versions
- 18.104.22.1688 and earlier versions for Linux
The exploits in the Nuclear and Angler kits were detected by the French researcher Kafeine shortly after the company released an update on Oct.14. This update patched three CVEs that can cause integer overflows or memory corruption and allow cybercriminals to load and execute code on the targeted machine from a remote location.
Angler and Fiesta are used in attacks against vulnerable websites, redirecting visitors to corrupted web pages that host banking malware or other threats. Flash Player vulnerabilities are highly exploited by that kind of kits, along with Microsoft Silverlight and Java flaws.
The same researcher reported another Adobe exploit last week. The vulnerability CVE-2014-8440 has been detected in Angler. The flaw can let a hacker get control of the compromised system. The bug can be found on numerous systems, like OS X, Linux and Windows. According to Kafeine, the vulnerability has already attracted a great deal of attention among cyber crooks.