Home > Cyber News > CVE-2016-7855 Flash Bug Exploited in Limited Attacks
CYBER NEWS

CVE-2016-7855 Flash Bug Exploited in Limited Attacks

update-system-health-stforum

Meet CVE-2016-7855, yet another Adobe Flash Player vulnerability of the zero-day type. Adobe has already released a security bulletin, APSB16-36, addressing the issue in versions of Flash from 23.0.0.185 and earlier affected by the flaw. Linux users should keep in mind that Adobe Flash Player for Linux uses a separate version numbering system and versions 11.2.202.637 and earlier are prone to the bug.


What Is CVE-2016-7855?

This vulnerability is a use-after-free flaw that allows an attacker to use a maliciously crafted Flash file to run bad code on a targeted system. This would allow for a number of threats to be dropped on the system. Unfortunately, the flaw has been leveraged in limited, targeted attacks on Windows.

Related: CVE-2016-5195 Found in Every Linux Version (for the Last 9 Years)

Ad already mentioned Adobe has issued an update to address the vulnerability. The patch in mind carried the current version of Flash, 23.0.0.205. Thanks to its built-in update mechanism, Flash will either install the patch automatically or will alert the user to proceed.

Furthermore, the versions of Flash directly integrated into Google Chrome and Microsoft Edge and Internet Explorer browsers will get the updates via their own update mechanisms. Once more, for Adobe Flash Player for Linux, the current version is 11.2.202.643.

This is Adobe’s statement:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree