On July 7, 2015 Adobe announced on their security bulletin a security advisory regarding a major vulnerability found in Adobe Flash Player. The vulnerability affects Windows, Macintosh and Linux operating systems. This exploitable bug will allow hackers to run commands on victim’s computers while they are accessing susceptible websites. Successful exploitation could cause either unrestricted access to information on a machine or a system crash which would potentially allow a hacker to take control of the system. This vulnerability can be found within browsers such as Internet Explorer, Google Chrome and Safari.
This vulnerability was reported on when Brian Krebs, security blogger from krebsonsecurity.com, discovered a leaked document, likely accessed and stolen via the now-since-identified vulnerability which was exploited by major group of threat actors, ‘The Hacking Team’. These attackers seem to have gotten to the files by installing malware and viruses to monitor or remotely control PCs on the network. Another vulnerability which was discovered allows the attacker to elevate their privileges on a machine to Administrator status.
Effected software versions
Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh
Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux
Adobe recommends users update their product installations to the latest versions using the instructions provided in the “Solution” section in Security Bulletin APSB15-16.
For more information about this vulnerability, feel free to reach out to:
Nate Gravel – Director of the Information Security Practice ngravel@gravoc.com
-or-
Jackson Schultz – Security Consultant jschultz@gravoc.com
REFRENCES
Related articles
Tackle the Cybersecurity Talent Shortage by Hiring a vCISO
In this blog post, we discuss how outsourcing cybersecurity operations to a vCISO can help businesses, including SMBs, tackle the cybersecurity talent shortage.
Need-to-Know Privilege Explained
In this blog post and video, we explore need-to-know privilege in cybersecurity and why it’s important for organizations to assign user permissions on a need-to-know basis.
Email Security: Solutions to Protect Your Inbox from Cybersecurity Threats
In this blog post, we discuss the importance of email security for businesses and explore the VIPRE and Sendmarc email protection technology solutions.