Flash Player that is currently being exploited by hackers.
The critical vulnerability (CVE 2014-8439) in Flash Player for Windows, Mac and Linux was originally mitigated more than a month ago in October 14, 2014 patch release, but a French researcher Kafeine found its exploits in the Angler and Nuclear malware kits after Adobe released a patch, according to security vendor F-Secure.
"The vulnerability is being exploited in blind mass attack. No doubt about it : the team behind Angler is really good at what it does," Kafeine said in a blog post.
The vulnerability allows an attacker to execute arbitrary code due to a weakness in the way a dereferenced pointer to memory is handled. An attacker could serve a specially crafted Flash file to trigger the vulnerability, which would lead to the execution of attacker's code in order to take control of a target system.
Adobe rated the vulnerability as critical and recommended users and administrators to update their software on Windows, Mac OS X and Linux systems to the latest iteration as soon as possible.
"We considered the possibility that maybe the latest patch [from October] prevented the exploit from working and the root cause of the vulnerability was still unfixed, so we contacted the Adobe Product Security Incident Response Team," Timo Hirvonen, a senior researcher at F-Secure, wrote on Tuesday.
"They confirmed our theory and released an out-of-band update to provide additional hardening against a vulnerability in the handling of a dereferenced memory pointer that could lead to code execution."
According to the recent security bulletin, Adobe has released the latest update for its Flash plugin, version 22.214.171.124 for Windows and Mactintosh users, version 126.96.36.1998 for those that use the Adobe Flash Player Extended Support Release, and version 188.8.131.524 for Linux users.
Microsoft will soon be releasing security updates for Internet Explorer 10 and 11 and Google will be releasing for Chrome to fix the Flash Players embedded in them.
This will be Adobe's second attempt to snap shut this particular security vulnerability in Flash, and the company said the updates for the Windows, Linux and Apple OS X versions of Flash Player will "provide additional hardening" against the previous CVE-2014-8439 flaw that was patched in the past.
Popular Deals From Our Store
Ethical Hacking Certification Training
Get Professional Ethical Hacking Certifications: CEH, CHFI, CISM, CISA, CISSP Trainings.
96% Off Get this Deal
Computer Hacking Forensic Investigation
Online Hands-on Training with Lifetime Access to Forensic Investigation Certification Classes.
98% Off Get this Deal