// IP Marketing video - START// IP Marketing video - END

Adobe releases emergency patch to fix Flash Player vulnerability

Adobe releases emergency patch to fix Flash Player vulnerability

PanARMENIAN.Net - Adobe released an emergency patch on Tuesday, Nov 25, to fix a Flash Player vulnerability that was fixed last month but was quickly exploited again.

The company had issued a patch for the flaw, called CVE-2104-8439, but attackers soon found a way around that fix, PCWorld reports.

The latest update to Flash adds a “mitigation” for CVE-2104-8439, a vulnerability that could lead to the installation of malware.

The latest version for Windows and Apple’s Mac OS is 15.0.0.239, and the latest for Linux is 11.2.202.424. Flash Player for Google’s Chrome and Microsoft’s Internet Explorer browsers should automatically update, but the update also can be installed manually from Adobe.

CVE-2014-8439 was patched on Oct. 14 along with three other vulnerabilities, but apparently the patch wasn’t enough to stop exploit-kit developers from reverse-engineering the fix and finding a way to continue to exploit it.

Exploit kits are malicious software packages that automatically attack computers that browse to a website where one is installed, looking for software vulnerabilities and delivering malware.

Timo Hirvonen, a senior researcher at F-Secure, wrote on Tuesday that the company received an exploit sample from independent security researcher Kaffeine. The exploit appeared to still work despite Adobe’s October patches.

“We considered the possibility that maybe the latest patch prevented the exploit from working [but] the root cause of the vulnerability was still unfixed, so we contacted the Adobe Product Security Incident Response Team,” Hirvonen wrote. Adobe “confirmed our theory and released an out-of-band update to provide additional hardening.”

Kaffeine found the Angler exploit kit was exploiting CVE-2104-8439 again just a week after Adobe’s Oct. 14 patch release, with the Astrum and Nuclear exploit kits adding the same capability soon after, Hirvonen wrote.

 Top stories
The suit focuses on 19 PicsArt filters that were supposedly “reverse engineered from VSCO’s filters.”
CEO & Co-Founder of SoloLearn Yeva Hyusyan has made it to the list of 50 female entrepreneurs to watch in 2019.
Nearly 80 percent of PicsArt’s users are under the age of 35 and those under 18 are driving most of its growth.
The Armenian capital of Yerevan has been named one of 25 up-and-coming startup cities projected to grow into the hubs of the future
Partner news