Menu
Adobe fixes 24 vulnerabilities in Flash Player, including an actively exploited one

Adobe fixes 24 vulnerabilities in Flash Player, including an actively exploited one

The new Flash Player update squashes a bug that hackers have been using to infect computers with ransomware

Adobe Systems released a security update for Flash Player to fix 24 critical vulnerabilities, including one that hackers have been exploiting to infect computers with ransomware over the past week.

The company advised users Thursday to upgrade to the newly released Flash Player 21.0.0.213 on Windows and Mac and Flash Player 11.2.202.616 on Linux. The Flash Player Extended Support Release was also updated to version 18.0.0.343.

As usual, the Flash Player build bundled with Google Chrome on all platforms, Microsoft Edge and Internet Explorer for Windows 10 and IE for Windows 8.1 will be upgraded automatically through the update mechanisms of those browsers.

Twenty-two of the newly patched vulnerabilities can result in remote code execution on users' computers, one can lead to a security feature bypass and one can be used to bypass the memory layout randomization mitigation that's supposed to make exploitation harder in general.

The highlight of this update is the fix for an actively exploited vulnerability tracked as CVE-2016-1019. According to security researchers from Proofpoint, an exploit for this flaw has been used in Web-based attacks to infect computers with file-encrypting ransomware programs since at least March 31.

Fortunately the exploit for CVE-2016-1019 observed in the wild only worked against Flash Player 20.0.0.306 and earlier. Users who had Flash Player 21.0.0.182, released in March, were protected because the exploit doesn't properly execute on this version and only results in a crash.

The code defect itself does exist in Flash Player 21.0.0.182, but a heap mitigation added by Adobe in that version prevents the bug's exploitation for remote code execution.

The company has been strengthening the Flash Player heap -- the region of memory where the program stores variables -- since last year, first in collaboration with Google and then on its own. It seems that those efforts, aimed at making the exploitation of memory corruption vulnerabilities harder, are paying off.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post

What to expect from your IT Distributor

Whether you’re just starting out or you’ve been around since before the dot com rollercoaster, choosing the right distribution partner can be a pivotal factor in your success. This definitive guide outlines the traits that every IT partner needs to look for in their IT Distributor.

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments