Adobe patches active Flash Player flaw

Eighteen problems were addressed.
Eighteen problems were addressed.

Adobe today issued a slew of patches to resolve vulnerabilities in Flash Player, all were rated critical and one has been spotted in the wild.

Eighteen problems were addressed under bulletin APSB16-08, all of which could potentially allow an attacker to take control of the affected system, Adobe said. However, only CVE-2016-1010, which resolves integer overflow vulnerabilities that could lead to code execution has caused any trouble to date.

Bobby Kuzma, systems engineer at Core Security, singled out CVE-2016-1010 as interesting in this round of patches.

“More of the same for Adobe. However, one of the vulnerabilities fixed does lead to code execution. CVE-2016-1010, found by Anton Ivanov of Kaspersky Labs, is being used in the wild in limited, targeted attacks,” Kuzma said.

The patches cover a wide range of Flash Player products across the Windows, Macintosh, Linux, Android and Chrome OS platforms. The software affected includes Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, Adobe Flash Player Extended Support Release and Adobe Flash Player for Microsoft Edge and IE 11.

Some of the other issues fixed, all of which could lead to code execution, were use-after-free vulnerabilities, heap overflow and memory corruption.

Adobe was a Patch Tuesday participant releasing several fixes for its Acrobat and Reader product lines.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS