Adobe to Release Patch Addressing Critical Flash Vulnerability

Adobe is set to roll out a patch that fixes a critical Flash Player vulnerability currently being exploited in the wild. In a security advisory, the company notes, “A critical vulnerability (CVE-2016-4117) exists in Adobe Flash Player 21.0.0.226 and earlier versions for Windows, Macintosh, Linux, and Chrome OS.”

When exploited, the security hole could crash the system and even allow an attacker to take control of the affected machine. While no further details of the vulnerability have been divulged, researchers note that it could possibly be used in the propagation of cybercrime kits such as Angler, the brainchild of cybercriminals who are seeking new attack vectors of compromise such as Flash, Java, and Silverlight.

Further, the exploit in question could also be used in malvertising campaigns. This means that a user who visits a website injected with a poisoned ad could easily have their system compromised, much like how the online crooks behind the Magnitude and Nuclear exploit kits succeeded in staging attacks involving zero-day vulnerabilities.

According to the advisory, the patch will address the vulnerability through Adobe’s monthly security update, which will be available "as early as May 12."

Trend Micro protects systems from the risks posed by zero-day attacks. The Browser Exploit Prevention feature of endpoint products such as Trend Micro™ Security, Smart Protection Suites, and Worry-Free Business Security blocks browser exploits. The Sandbox with Script Analyzer engine, which is part of Trend Micro™ Deep Discovery, can be used to detect this threat by its behavior without any engine or pattern updates.