Patch management, Vulnerability management

Adobe Patch Tuesday: fix issues for Zero-day in Flash Player

Doug OlenickDecember 13, 2016

Adobe rounded out 2016 the same way it rang in 2015, by issuing a slew of patches, including one fixing a zero-day that is currently in the wild and impacting Flash Player.

For Adobe's final Patch Tuesday offering of the year it listed nine security bulletins covering Flash Player, InDesign and ColdFusion Builder, among other applications.

Flash Player alone listed 17 flaws under bulletin APSB16-39 with CVE-2016-7892 existing in the wild and being used in limited, targeted attacks, Adobe said in its security update. It is targeting systems running the 32-bit version of Microsoft's Internet Explorer on Windows.

The remaining Flash Player updates resolve remote code execution, buffer overflow and memory corruption vulnerabilities.

Updates for InDesign, DNG Converter and Animate also fixed what Adobe considers critical issues, mainly memory corruption vulnerabilities.

The remaining issues were all rated as important by the company.

Doug Olenick

Shot of a surgeon looking at a monitor in an operating room

Device Security

7 vulnerabilities patched in Axeda IIoT remote management tool, popular in medical sector

Joe UchillMarch 8, 2022

PTC sunset Axeda in 2019, but the industrial IoT remote monitoring and management agent is still in use in several systems. Based on Forescout telemetry, it is particularly popular in active use within the medical sector, particularly lab testing and imaging.

Claroty data finds medical device disclosures are on the rise, which is an important step to improving the sector’s posture. But Unit 42 research finds the majority of infusion pumps have not been patched, impeding that progress. (Photo by Buda Mendes/Getty Images)

Vulnerability management

Medical device disclosures on the rise, but providers struggle to patch known flaws

Jessica DavisMarch 3, 2022

Palo Alto Networks Unit 42 data shows the majority of infusion pumps are operating with known security vulnerabilities. As disclosures increase, the need for faster medical device security remediation follows.

Network outages and service disruptions have become a prevalent fallout from cyberattacks in healthcare. After the Kronos incident, providers must evaluate how to maintain business continuity. (Photo by Cate Gillon/Getty Images)

Ransomware

Ransomware anatomy: Dual cyberattacks on provider call for vulnerability review

Jessica DavisFebruary 28, 2022

Karma and Conti simultaneously hacked into a healthcare network via a known Microsoft Exchange vulnerability, Sophos research shows. The attack shares lessons learned for other providers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Adobe Patch Tuesday: fix issues for Zero-day in Flash Player

Related

7 vulnerabilities patched in Axeda IIoT remote management tool, popular in medical sector

Medical device disclosures on the rise, but providers struggle to patch known flaws

Ransomware anatomy: Dual cyberattacks on provider call for vulnerability review

Get daily email updates