Hacking

CVE-2016-7855 flaw in Adobe Flash Player exploited in targeted attacks

Adobe has issued a security patch for its Flash Player that fixes a critical vulnerability, tracked as CVE-2016-7855, used in targeted attacks.

Adobe has released a security update for its Flash Player that address a critical vulnerability, tracked as CVE-2016-7855,  that has been exploiting in the wild by threat actors.

According to the security advisory issued by Adobe, the CVE-2016-7855 has been exploiting in targeted attacks. The vulnerability is a use-after-free issue that can be triggered by attackers for arbitrary code execution.

“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS.  These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system.” states the summary published by Adobe.

“Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10.”

The CVE-2016-7855 flaw affects Windows, Macintosh, Linux and Chrome OS, Flash Player 23.0.0.185 and earlier, and 11.2.202.637 and earlier for Linux.

The vulnerability was discovered by the researchers Neel Mehta and Billy Leonard from the Google Threat Analysis Group.

Adobe  CVE-2016-7855  targeted attacks.Adobe  CVE-2016-7855  targeted attacks.

The researchers confirmed the exploitation of the CVE-2016-7855 vulnerability in a few, targeted attacks against users running Windows 7, 8.1 and 10.

The security researchers at Adobe speculate the involvement of a sophisticated threat actor behind the targeted attacks that exploited the issue.

Adobe issued the Flash Player 23.0.0.205 and 11.2.202.643 (Linux).

Both Microsoft and Google are also expected to address the vulnerability by issuing updates for Chrome, Edge, and Internet Explorer 11.

Adobe software continues to be a privileged target of hackers, zero-day and security vulnerabilities affecting the products of the company have been exploited in numerous attacks in the wild.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – CVE-2016-7855, Adobe)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs Malware newsletter includes a collection of the best articles and research on malware…

1 hour ago

Security Affairs newsletter Round 524 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles…

1 hour ago

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

Chinese "kill switches" found in Chinese-made power inverters in US solar farm equipment that could…

4 hours ago

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S.…

20 hours ago

Shields up US retailers. Scattered Spider threat actors can target them

Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting…

23 hours ago

U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog<gwmw style="display:none;"></gwmw>

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver…

1 day ago