On July 7, 2015 Adobe announced on their security bulletin a security advisory regarding a major vulnerability found in Adobe Flash Player. The vulnerability affects Windows, Macintosh and Linux operating systems. This exploitable bug will allow hackers to run commands on victim’s computers while they are accessing susceptible websites. Successful exploitation could cause either unrestricted access to information on a machine or a system crash which would potentially allow a hacker to take control of the system. This vulnerability can be found within browsers such as Internet Explorer, Google Chrome and Safari.
This vulnerability was reported on when Brian Krebs, security blogger from krebsonsecurity.com, discovered a leaked document, likely accessed and stolen via the now-since-identified vulnerability which was exploited by major group of threat actors, ‘The Hacking Team’. These attackers seem to have gotten to the files by installing malware and viruses to monitor or remotely control PCs on the network. Another vulnerability which was discovered allows the attacker to elevate their privileges on a machine to Administrator status.
Effected software versions
Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh
Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux
Adobe recommends users update their product installations to the latest versions using the instructions provided in the “Solution” section in Security Bulletin APSB15-16.
For more information about this vulnerability, feel free to reach out to:
Nate Gravel – Director of the Information Security Practice ngravel@gravoc.com
-or-
Jackson Schultz – Security Consultant jschultz@gravoc.com
REFRENCES
Related articles
Business Email Compromise: Top BEC Tactics & How to Protect Against Them
We take a look at Business Email Compromise, including common BEC tactics and what your business can do to protect against them.
FFIEC CAT Sunset: Why the CRI Profile is a Strong Alternative
With the FFIEC CAT sunset approaching, we explore why the CRI Profile is a strong alternative to the CAT for financial institutions!
FTC Safeguards Rule Compliance for Auto Dealerships
We’ll go over the FTC Safeguards Rule, what it requires, and how a managed service provider can help auto dealerships stay compliant.