CVE-2016-7855 Flash Bug Exploited in Limited Attacks - How to, Technology and PC Security Forum | SensorsTechForum.com
CYBER NEWS

CVE-2016-7855 Flash Bug Exploited in Limited Attacks

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

update-system-health-stforum

Meet CVE-2016-7855, yet another Adobe Flash Player vulnerability of the zero-day type. Adobe has already released a security bulletin, APSB16-36, addressing the issue in versions of Flash from 23.0.0.185 and earlier affected by the flaw. Linux users should keep in mind that Adobe Flash Player for Linux uses a separate version numbering system and versions 11.2.202.637 and earlier are prone to the bug.


What Is CVE-2016-7855?

This vulnerability is a use-after-free flaw that allows an attacker to use a maliciously crafted Flash file to run bad code on a targeted system. This would allow for a number of threats to be dropped on the system. Unfortunately, the flaw has been leveraged in limited, targeted attacks on Windows.

Related: CVE-2016-5195 Found in Every Linux Version (for the Last 9 Years)

Ad already mentioned Adobe has issued an update to address the vulnerability. The patch in mind carried the current version of Flash, 23.0.0.205. Thanks to its built-in update mechanism, Flash will either install the patch automatically or will alert the user to proceed.

Furthermore, the versions of Flash directly integrated into Google Chrome and Microsoft Edge and Internet Explorer browsers will get the updates via their own update mechanisms. Once more, for Adobe Flash Player for Linux, the current version is 11.2.202.643.

This is Adobe’s statement:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...