Adobe patches multiple flaws including a Flash Zero-Day exploited in the wild

Adobe issued security patches that address multiple flaws in 9 products, including fixes for zero-day vulnerabilities that has been exploited in the wild.

Adobe has issued security updates to fix vulnerabilities in nine products, including patches for zero-day flaws that has been exploited in targeted attacks.

The version 24.0.0.186 of Flash Player addresses 17 vulnerabilities, some of them can be exploited by attackers for arbitrary code execution. The most severe vulnerability fixed by the updates is a use-after-free issue, tracked as is CVE-2016-7892, that was reported to Adobe by an individual who wanted to remain anonymous.

The remaining flaws in the Adobe Flash Player vulnerabilities were reported to the company by independent researchers and experts from multiple organizations, Pangu LAB, Tencent, Microsoft, CloverSec Labs, Qihoo 360, Trend Micro’s Zero Day Initiative (ZDI) and Palo Alto Networks.

“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.” reads the Adobe Security Bulletin.

“Adobe is aware of a report that an exploit for CVE-2016-7892 exists in the wild, and is being used in limited, targeted attacks against users running Internet Explorer (32-bit) on Windows.”

Adobe confirmed the existence in the wild of an exploit code for the CVE-2016-7892 vulnerability, the company also revealed that it was used in limited, targeted attacks against Windows users running a 32-bit version of Internet Explorer.

Adobe also issued other security updates that patch vulnerabilities in other products, including Animate, Experience Manager Forms, DNG Converter, InDesign, ColdFusion Builder, Digital Editions, and RoboHelp.

None of the above vulnerabilities had been exploited in the wild.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Adobe Flash , Zero-Day, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.