Now Reading
Adobe Flash Player found to vulnerable yet again, to be patched later this week

Adobe Flash Player found to vulnerable yet again, to be patched later this week

by AshwinOctober 15, 2015

Abobe Flash Player, chances are you read these words, you are likely to think about three things.

Adobe Flash Player

Ads, Videos and security vulnerabilities. And no prizes for guessing which one of those is making the headline here.

It hasn’t been two months yet, since the massive data breach occured at a security firm. The attackers reportedly exploited a security flaw in Abobe’s Flash Player, which resulted in hundreds of gigabytes of data being stolen. Following this untoward incident, Mozilla blocked the Flash plugin in its browser, Firefox, for a while, before restoring it when the security issues were patched by Adobe.

This incident also resulted in Facebook’s Chief of Security, calling for the end of support for Adobe Flash, which not so surprisingly, also made other users join in the outcry.

Now, two months later, the situation returns, as once again, Adobe Flash Player found to vulnerable and has been used to breach the security systems of high profile politicians.

VentureBeat reports that the discovery was made by Trend Micro, a security firm famed for its antivirus products. It says that the attackers used a simple method to gain access to the systems, through spear phishing. What happens in this method, is a fake email with a malicious URL is sent from a known contact, which results in the recipient eventually reading the mail and clicking on the link.

This results in a zero day exploit being used to attack the system. And thus, the hacker takes control of the entire system.

Trend Micro reported these vulnerabilities to the Plugin maker, and Adobe, has confirmed that the security issue does exist. Adobe has even published a security bulletin at its website educating users about the critical vulnerability, which has been named (CVE-2015-7645).

The following versions of Adobe Flash Player are found to be vulnerable:

  • Adobe Flash Player and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release version and earlier 18.x versions
  • Adobe Flash Player and earlier 11.x versions for Linux

Ironically, the latest update for Adobe Flash Player only began rolling yesterday, (I actually got it this morning), so it will be a while before the company will patch up the issues reported, and release the update containing the fixes. Apparently this new update will begin rolling out next week, according to the following statement from the plugin maker.

Adobe expects to make an update available during the week of October 19.

Let’s hope this fixes the issues for good.