Vulnerability Management

Patched Flash bug still vulnerable

A Flash vulnerability, which Adobe patched in its last security update, has been retargeted with a variant.

The flaw allows attackers to execute arbitrary code via unspecified vectors, according to CVE 2015-5560. Though Adobe issued security update 18.0.0.232 to mitigate the original bug, researchers at security firm Morphisec found a new variant, an "in-the-wild exploit residing in a Nuclear exploit kit bypasses the recent Flash mitigation for vector corruption."

Apple's late CEO Steve Jobs was against allowing the Flash plugin on Apple devices, Mozilla is already preventing it from executing within its Firefox browser, while Facebook's new CSO, Alex Stamos, recently tweeted, "It is time for Adobe to announce the end-of-life date for Flash."

Users are once again being advised to patch the popular multimedia and software platform when updates are issued and to implement detection solutions.

Update: Thursday, Oct. 18

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.