Patch Your Flash: Another Zero-Day Vulnerability Hits Adobe Flash

Adobe has released an out-of-band patch for Flash Player due to a zero-day vulnerability. According to Adobe’s bulletin (APSB16-36), versions of Flash from and earlier (released on October 11) are affected. (Adobe Flash Player for Linux uses a separate version numbering system; for that product versions and earlier are vulnerable.) We urge all users who still have Flash installed to update to the version released today as soon as possible.

The vulnerability is a use-after-free vulnerability that has been designated CVE-2016-7855. An attacker could use a malicious Flash file to run malicious code on a user’s system, allowing various threats to be planted on the affected system. The bulletin noted that the vulnerability has been exploited in “limited, targeted attacks” against Windows users.

Adobe has released a Flash update which fixes this vulnerability. This update brings the current version of Flash to The built-in update mechanism of Flash will either automatically install the update or prompt the user to do so. The versions of Flash that are integrated into Google Chrome and Microsoft Edge/Internet Explorer will receive updates via the update mechanisms of those browsers. For Adobe Flash Player for Linux, the current version is

Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may target this vulnerability via the following DPI rule:

  • 1008003—Adobe Flash Player Use-After-Free Vulnerability

TippingPoint customers are protected from attacks exploiting this vulnerability with the following MainlineDV filter:

  • 25498: HTTP: Adobe Flash AMF Use-After-Free Vulnerability

Post from: Trendlabs Security Intelligence Blog – by Trend Micro


Story added 27. October 2016, content source with full text you can find at link above.