Prime Inspiration

Adobe Confirms Major Security Flaw In Flash Player For Windows, Mac And Linux

by

Edward Ramamoorthy
in
Adobe Flash
Adobe Flash

Adobe has confirmed a major security vulnerability that affects all versions of Flash for Windows, Mac and Linux computers. The vulnerability can be used by hackers to crash a target PC or even take complete control of the computer. Adobe claims that so far all attacks using this vulnerability are limited and targeted.

A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

According to Adobe, there is no way to circumvent these attacks and the only way to effectively protect yourself is to completely uninstall Flash Player from your machine.

Adobe has updated its security bulletin on their website about this vulnerability and posted that they will release an update by October 16, i.e. today. However, it is also not clear if all versions of Flash Player will be patched across all platforms.

Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.

UPDATE: Adobe expects updates to be available as early as October 16.

This new Flash vulnerability was first discovered by security researchers at Trend Micro, while investigating on the attackers behind Pawn Storm.

Trend Micro researchers have discovered that the attackers behind Pawn Storm are using a new Adobe Flash zero-day exploit in their latest campaign. Pawn Storm is a long-running cyber-espionage campaign known for its high-profile targets and usage of the first Java zero-day we’ve seen in the last couple of years.

Trend Micro also warns people that any attack using this vulnerability starts with phishing e-mails that contained links leading to the exploit.

In this most recent campaign, Pawn Storm targeted several foreign affairs ministries from around the globe. The targets received spear phishing e-mails that contained links leading to the exploit. The emails and URLs were crafted to appear like they lead to information about current events, with the email subjects containing the following topics:

  • Suicide car bomb targets NATO troop convoy Kabul
  • Syrian troops make gains as Putin defends air strikes
  • Israel launches airstrikes on targets in Gaza
  • Russia warns of response to reported US nuke buildup in Turkey, Europe
  • US military reports 75 US-trained rebels return Syria

According to Adobe security bulletin the following version of Adobe Flash Player are affected and needs to be updated when the fix is released.

  • Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release version 18.0.0.252 and earlier 18.x versions
  • Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Again, every version of Flash Player on Windows, Mac and Linux is affected. And until fixes are released by Adobe, the only way to protect your computer is to completely uninstall Flash. While known attacks that utilize this exploit indeed appear to be very targeted, there is simply no way to tell if the security hole is being used more widely by hackers.

Source: Trend Micro, Adobe

Tags:

, , , , , ,
Edward Ramamoorthy Avatar
Edward Ramamoorthy
I work for one of the top 10 tech companies in India. In my spare time, I write for PrimeInspiration.com.

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

Subscribe to Newsletter

Privacy Settings

Privacy & Cookie Overview

Our website uses cookies to provide you with the best user experience possible. These cookies are stored in your browser and perform essential functions such as recognizing you when you return to our website, as well as helping us to understand which sections of the website you find most useful and engaging.

To learn more, you can read our Privacy & Cookie Policy or reach out through our Contact form.

Strictly Necessary Cookies

Strictly Necessary Cookies must always be enabled to ensure the proper functioning of this website and to allow us to provide you with excellent service. These cookies are also essential for saving your cookie preferences.

Google Adsense

We use Google AdSense to keep this site free by displaying relevant ads. AdSense requires essential cookies that cannot be disabled, but you can manage other cookies. We respect your privacy and provide options to control non-essential cookies.

For more details on how Google handles your data, visit Google's Data Usage Policy. Please review our Privacy Policy for more information on how we protect your data.

AddToAny

We use AddToAny for social sharing. It doesn’t store cookies, ensuring a privacy-friendly experience. AddToAny complies with GDPR and CCPA by default.

For more, see their Privacy Policy.

OneSignal

We use OneSignal to send notifications to users who opt in. OneSignal complies with GDPR and is certified under the EU-US and Swiss-US Privacy Shield frameworks.

For more, see their Privacy Policy.

3rd Party Cookies

This website utilizes third-party cookies, which can enhance your experience and support our ongoing efforts to improve our services.

Google Analytics

We use Google Analytics to collect anonymous data, such as visitor numbers and popular pages, to improve user experience and site performance. Keeping this cookie enabled helps us refine the site based on visitor activity.

For more information, see Google’s Privacy Policy.

Discover more from Prime Inspiration

Subscribe now to keep reading and get access to the full archive.

Continue reading