Information Security News mailing list archives
Did you hear? There's a critical security hole that lets web pages hijack computers. Of course it's Adobe Flash's fault
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 21 Nov 2018 10:13:50 +0000 (UTC)
https://www.theregister.co.uk/2018/11/20/adobe_flash_bug/ By Shaun Nichols The Register 20 Nov 2018Adobe has emitted software updates to address a critical vulnerability in Flash Player for Windows, Mac, and Linux.
PC owners and admins will want to upgrade their copies of Flash to version 31.0.0.153 or later in order to get the patch – or just dump the damn thing all together.
The November 20 security update addresses a single flaw, designated CVE-2018-15981. It is a type confusion bug that can be exploited to achieve remote code execution. Basically, an attacker could slip the exploit code into a Flash .swf file, put it on a web page, and covertly install malware on any vulnerable machine that visits the page.
Because Adobe does not maintain a fixed patching schedule for Flash Player, this isn't technically considered an out-of-band band-aid. However, the update does come just one week after Adobe pushed out a handful of fixes for Patch Tuesday, including one for an information disclosure vulnerability in Flash Player.
[...]
-- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ https://twitter.com/infosecnews_
Current thread:
- Did you hear? There's a critical security hole that lets web pages hijack computers. Of course it's Adobe Flash's fault InfoSec News (Nov 21)