A new vulnerability in Flash Player -- this one discovered by the Google Threat Analysis Group -- has Adobe patching...
the bedeviled multimedia viewer yet again in response to the critical flaw.
"Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system," Adobe wrote in its security bulletin. Adobe said it "is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10."
Red Hat gave the vulnerability a preliminary CVSS3 base score of 8.8, indicating a critical vulnerability. "This vulnerability," Red Hat wrote in its security update, "... could allow an attacker to create a specially crafted SWF file that would cause flash plug-in to crash, execute arbitrary code or disclose sensitive information when the victim loaded a page containing the malicious SWF content."
This latest Adobe Flash patch fixes one in a long line of critical vulnerabilities that could doom the media-player software, as the industry turns to HTML5, rather than Flash, for displaying rich content.
The emergency patch comes just two weeks after Microsoft's October Patch Tuesday release of fixes for nine critical vulnerabilities in Adobe Flash.
Neel Mehta and Billy Leonard from Google's Threat Analysis Group reported the vulnerability to Adobe.
Find out more about the security measures enterprises should take as Flash is replaced by HTML5.
Learn about why Flash must be replaced by HTML5.