
Adobe use-after-free flaw allows code execution

Adobe is advising users to immediately update to the latest version after a use-after-free vulnerability that could lead to code execution was spotted in the wild.

The flaw, CVE-2016-7855, affects Windows, Mac, Linux and Chrome operating systems and has been rated critical because it could allow an attacker to take control of an infected system, according to an Oct. 26 Adobe Security Bulletin.

Affected products include Adobe Flash Player for Google Chrome, Linux, Microsoft Edge, Internet Explorer 11, and Desktop Runtime. The vulnerability was reported by Neel Mehta and Billy Leonard from Google's Threat Analysis Group and has been exploited in a limited number of attacks targeting users running Windows versions 7, 8.1 and 10.

Researchers said that users of Flash Player 11.2.x or later for Windows, or Flash Player 11.3.x or later for Macintosh, who have selected the 'Allow Adobe to install updates' option will automatically receive the update, while users who haven't can install the update via the update mechanism within the product when prompted.
