Monday, December 8, 2014

OOPS!! Another Flash Player update

This month is quite worrisome for Adobe Systems as it issues out-of-cycle Flash Player update. The reason is to fix a highly critical security flaw that allows cybercriminals to take complete control of vulnerable system. This issue was already covered under CVE-2014-8439 - released on 14th October'14 and further restriction being made on 25th November. Adobe credits Sebastien Duquette of ESET, Timo Hirvonen of F-Secure and cyber security researcher Kafeine for finding the vulnerability. According to Timo Hirvonen that they received the Flash exploit from Kafeine and analyzed the exploit by using Angler exploit kit. The result reveals that the issue is different from vulnerabilities patched in APSB14-22 advisory. We contacted the Adobe Product Security Incident Response Team about the issue. They acknowledges it and released an emergency update. <more>

No comments: