Security Loophole Discovered in Adobe Flash

Jul 9, 2015 | Information Security

On July 7, 2015 Adobe announced on their security bulletin a security advisory regarding a major vulnerability found in Adobe Flash Player.  The vulnerability affects Windows, Macintosh and Linux operating systems. This exploitable bug will allow hackers to run commands on victim’s computers while they are accessing susceptible websites. Successful exploitation could cause either unrestricted access to information on a machine or a system crash which would potentially allow a hacker to take control of the system. This vulnerability can be found within browsers such as Internet Explorer, Google Chrome and Safari.

This vulnerability was reported on when Brian Krebs, security blogger from krebsonsecurity.com, discovered a leaked document, likely accessed and stolen via the now-since-identified vulnerability which was exploited by major group of threat actors, ‘The Hacking Team’.  These attackers seem to have gotten to the files by installing malware and viruses to monitor or remotely control PCs on the network.  Another vulnerability which was discovered allows the attacker to elevate their privileges on a machine to Administrator status.

Effected software versions

N

Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh

N

Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh

N

Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux

Adobe recommends users update their product installations to the latest versions using the instructions provided in the “Solution” section in Security Bulletin APSB15-16.

For more information about this vulnerability, feel free to reach out to: 

Nate Gravel – Director of the Information Security Practice ngravel@gravoc.com
-or-
Jackson Schultz – Security Consultant jschultz@gravoc.com

REFRENCES

Adobe Security Bulletin 

The Tech Portal

Mashable

Related articles