On July 7, 2015 Adobe announced on their security bulletin a security advisory regarding a major vulnerability found in Adobe Flash Player. The vulnerability affects Windows, Macintosh and Linux operating systems. This exploitable bug will allow hackers to run commands on victim’s computers while they are accessing susceptible websites. Successful exploitation could cause either unrestricted access to information on a machine or a system crash which would potentially allow a hacker to take control of the system. This vulnerability can be found within browsers such as Internet Explorer, Google Chrome and Safari.
This vulnerability was reported on when Brian Krebs, security blogger from krebsonsecurity.com, discovered a leaked document, likely accessed and stolen via the now-since-identified vulnerability which was exploited by major group of threat actors, ‘The Hacking Team’. These attackers seem to have gotten to the files by installing malware and viruses to monitor or remotely control PCs on the network. Another vulnerability which was discovered allows the attacker to elevate their privileges on a machine to Administrator status.
Effected software versions
Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh
Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux
Adobe recommends users update their product installations to the latest versions using the instructions provided in the “Solution” section in Security Bulletin APSB15-16.
For more information about this vulnerability, feel free to reach out to:
Nate Gravel – Director of the Information Security Practice ngravel@gravoc.com
-or-
Jackson Schultz – Security Consultant jschultz@gravoc.com
REFRENCES
Related articles
GraVoc Recognized on CRN MSP 500 List for Second Year in a Row
For the second year in a row, GraVoc has been recognized on the CRN® MSP 500 list in the Pioneer 250 category!
PCI SAQ Types: Which SAQ is Right for Your Business?
In this blog post, we provide an overview of the SAQ types for PCI DSS v4.0 and how to select a PCI SAQ that’s right for your business.
GraVoc Wins Banker & Tradesman’s Best of 2023 Awards
GraVoc won a Silver Medal for Cybersecurity and a Bronze Medal for Web Design in Banker & Tradesman’s Best of 2023 readers’ choice awards!