Patch/Configuration Management, Vulnerability Management

Google researchers discover Flash flaw exploited in the wild

Adobe has released a patch for a Flash Player vulnerability that has been exploited in the wild, according to a security bulletin.

Adobe announced in the bulletin that attackers exploited the flaw in “limited, targeted attacks” against users running Windows versions 7, 8.1 and 10.

The CVE-2016-7855 vulnerability, a use-after-free memory flaw, was reported by Google's Threat Analysis security researchers Group Neel Mehta and Billy Leonard. Adobe has patched the critical vulnerability in Flash Player update 23.0.0.205.

Security professionals have struggled for years to implement alternatives to the security-riddled software on a wide scale. Flash provides a rich pool of flaws that malicious actors exploit, as users fail to install updates to the platform. Microsoft Secure Blog announced earlier this month that Adobe Flash Player was used in 99.2 percent of malware in the fourth quarter of 2015.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.