Home > Cyber News > CVE-2016-7855 Flash Bug Exploited in Limited Attacks
CYBER NEWS

CVE-2016-7855 Flash Bug Exploited in Limited Attacks

by   |  Last Update:  |  0 Comments  

update-system-health-stforum

Meet CVE-2016-7855, yet another Adobe Flash Player vulnerability of the zero-day type. Adobe has already released a security bulletin, APSB16-36, addressing the issue in versions of Flash from 23.0.0.185 and earlier affected by the flaw. Linux users should keep in mind that Adobe Flash Player for Linux uses a separate version numbering system and versions 11.2.202.637 and earlier are prone to the bug.

What Is CVE-2016-7855?

This vulnerability is a use-after-free flaw that allows an attacker to use a maliciously crafted Flash file to run bad code on a targeted system. This would allow for a number of threats to be dropped on the system. Unfortunately, the flaw has been leveraged in limited, targeted attacks on Windows.

Related: CVE-2016-5195 Found in Every Linux Version (for the Last 9 Years)

Ad already mentioned Adobe has issued an update to address the vulnerability. The patch in mind carried the current version of Flash, 23.0.0.205. Thanks to its built-in update mechanism, Flash will either install the patch automatically or will alert the user to proceed.

Furthermore, the versions of Flash directly integrated into Google Chrome and Microsoft Edge and Internet Explorer browsers will get the updates via their own update mechanisms. Once more, for Adobe Flash Player for Linux, the current version is 11.2.202.643.

This is Adobe’s statement:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Top 15 Linux Security Questions You Didn’t Know You Had Beginner Linux administrators and users should know that even though...
  2. Adobe Patches 112 Vulnerabilities in Latest Patch Package (CVE-2018-5007) Adobe has released the latest patch package that addresses a...
  3. The Best Linux Server Distributions in 2017 Gnu/Linux is one of the leading server operating systems due...
  4. Top Security and Privacy Linux Distributions in 2019 There are many specialist Linux distributions that are designed with...
  5. The 10 Best Methods on How to Improve Linux Security This blog post is created in order to help you...
  6. CVE-2018-4878 Flash Player Flaw: What You Need to Know Adobe Flash Player has been long targeted by hackers. Plenty...
  7. Cisco Patches ASA Software against CVE-2016-1385, CVE-2016-1379 If you’re a user of Cisco’s Adaptive Security Appliances (ASAs),...
  8. July 2021 Patch Tuesday: Actively Exploited CVE-2021-34448 Fixed Microsoft Windows July 2021 Patch Tuesday just rolled out, patching...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree