Adobe plugs Flash Player 0-day vulnerability

Along with Microsoft, Adobe not only patched six security flaws in Flash but also addresses 20 vulns Reader and Acrobat. Out of six vulns patched in Flash, one is believed to be exploited wild. According to Adobe advisory, all fixes for Flash are rated as 'CRITICAL' allowing intruders to take complete control of the vulnerable system. These vulnerabilities affect Windows, Mac and Linux platforms. Adobe credits security researcher 'bilou' who flagged the issue via Zero Day Initiative (ZDI) owned by HP. Flash versions 15.0.0.242 and earlier, 13.0.0.258 and earlier 13.x versions, and 11.2.202.424 and earlier versions for Linux are vulnerable and urged users to apply the fix on earliest basis, Adobe stated in the advisory. <more>

OOPS!! Another Flash Player update

This month is quite worrisome for Adobe Systems as it issues out-of-cycle Flash Player update. The reason is to fix a highly critical security flaw that allows cybercriminals to take complete control of vulnerable system. This issue was already covered under CVE-2014-8439 - released on 14th October'14 and further restriction being made on 25th November. Adobe credits Sebastien Duquette of ESET, Timo Hirvonen of F-Secure and cyber security researcher Kafeine for finding the vulnerability. According to Timo Hirvonen that they received the Flash exploit from Kafeine and analyzed the exploit by using Angler exploit kit. The result reveals that the issue is different from vulnerabilities patched in APSB14-22 advisory. We contacted the Adobe Product Security Incident Response Team about the issue. They acknowledges it and released an emergency update. <more>

Google's Dashboard leverages users about devices accessibility

Google rolls out new tools targeting enterprise apps customers to provide more control over the devices. According to post on Google work blog, this new dashboard shows all the devices that have accessed Google accounts during the last 4 weeks period. It will aid users to figure out unsolicited access at a glance. A guide for managing Google for Work security is also released so that end user will not face any issue during the setup and usage. The dashboard also provide an opportunity of IT managers to have a comprehensive view of device activity and can remotely alter security settings. Google believes that security is a shared responsibility in the cloud environment, so we all should make every step to ensure corporate information is secure. <more>