Adobe Rushes Out Emergency Patch For Flash

Adobe has rushed out an emergency update for Flash that fixes a vulnerability being actively attacked.

The update comes after the company issued emergency updates last month to more than two dozen “critical” security vulnerabilities, most of which could allow an attacker to take over a user’s computer.

Flash Patch

The current Flash update (CVE-2016-7855) covers all platforms including Windows, Mac, Linux and Chrome OS. The firm said that the update addresses a critical vulnerability that could potentially allow an attacker to take control of the affected system.

“Adobe is aware of a report that an exploit for CVE-2016-7855 exists in the wild, and is being used in limited, targeted attacks against users running Windows versions 7, 8.1 and 10,” it warned in its advisory.

According to Kaspersky Lab, the CVE-2016-7855 flaw was privately disclosed by Neel Mehta and Billy Leonard of the Google Threat Analysis Group. It noted that Mehta was one of four researchers who was credited with finding and disclosing the Heartbleed vulnerability in 2014.

Heartbleed of course was one of a string of Internet-wide vulnerabilities found in OpenSSL and allowed an attacker to read memory from encrypted sessions.

“Adobe would like to thank Neel Mehta and Billy Leonard from Google’s Threat Analysis Group for reporting CVE-2016-7855 and for working with Adobe to help protect our customers,” said Adobe.

Ongoing Concerns

Adobe has issued a number of emergency patches for Flash this year due to critical vulnerabilities being ‘actively exploited’ in the wild.

Indeed, flaws and vulnerabilities with Flash are a depressingly familiar story to many in the security industry. Last year Mozilla lost patience and blocked Adobe Flash by default following the discovery of yet more zero-day vulnerabilities in the browser plug-in. That block remained in place until Adobe rushed out a patch for the flaw.

And even Adobe itself apparently recognises the days of Flash are numbered. In December, it acknowledged the inevitability of an HTML5 world and said it was now “encouraging” developers and content creators away from Flash, in order to use newer web standards.

But a study published in June found that the transition to HTML5 is unlikely to prevent the types of attacks that currently exploit Flash bugs, since attackers can easily design similar attacks that don’t require Flash.

Adobe’s Flash was also famously hated by the late Steve Jobs, after the former Apple CEO famously called it a doomed technology. Indeed, such was Jobs opposition to Flash that he publicly attacked it in April 2010, which prompted a bitter spat with Adobe’s CEO.

The bad blood between Apple and Adobe continued for some time, not helped by an Adobe ad campaign that blasted Apple for its closed approach regarding developer licensing.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

The State of Quantum Security

No longer a technology on the distant horizon, quantum computing brings with it security challenges…

9 hours ago

US Carmakers Warn Over Upcoming Electric Vehicle Incentives

Climate and tax bill worth $430bn passed by US Congress last week could immediately eliminate…

9 hours ago

Mercedes-Benz And CATL To Build Massive EV Battery Plant In Hungary

Mercedes-Benz and world's biggest EV battery maker CATL to build 7.3bn euro battery plant in…

10 hours ago

ESA In Talks With SpaceX Over Launches To Replace Soyuz

European Space Agency confirms it is in talks with SpaceX over using Falcon 9 as…

10 hours ago

Disney Brings Ads To Streaming Platform As It Surpasses Netflix

Disney to introduce ad-supported version of Disney+ in December along with price hikes, as it…

11 hours ago

Meta Gathers AI Data As Chatbot Calls Zuckerberg ‘Creepy’

Facebook parent Meta gathers data from user interactions with latest chatbot as BlenderBot 3 criticises…

11 hours ago