Patched Flash bug still vulnerable

News by Greg Masters

A bypass in the multimedia and software platform Flash, which Adobe said it patched in its last security update, has reappeared.

A bypass in Flash, which Adobe said it patched in its last security update, has reappeared.

The flaw allows attackers to execute arbitrary code via unspecified vectors, according to CVE 2015-5560. Though Adobe issued security update 18.0.0.232 to mitigate the bug, researchers at security firm Morphisec found that the "in-the-wild exploit residing in a Nuclear exploit kit bypasses the recent Flash mitigation for vector corruption."

Apple's late CEO Steve Jobs was against allowing the Flash plugin on Apple devices, Mozilla is already preventing it from executing within its Firefox browser, while Facebook's new CSO, Alex Stamos, recently tweeted, "It is time for Adobe to announce the end-of-life date for Flash."

Users are once again being advised to patch the popular multimedia and software platform when updates are issued and to implement detection solutions.

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike