Flash users, it's time to update the plugin ASAP. Adobe has today issued an emergency security update to patch a critical vulnerability, just three days after the last update. Adobe says the vulnerability could potentially give an attacker control of an affected system.
This update will bring the Flash NPAPI plugin up to version 22.214.171.124 on Windows and OS X clients. Chrome and Edge will automatically update themselves with the latest plugins for those browsers, according to the security bulletin.
Peter Pi of Trend Micro says that, if left unpatched, this vulnerability could allow attackers to get around mitigation techniques that Adobe and Google created together. His blog post about the vulnerability goes into great detail. The basic idea is that the definition of a ByteArray in Adobe's ActionScript programming language isn't protected by these mitigation techniques. A piece of malicious code can be turned loose by using an externalizable object to set the length attribute of a ByteArray to 0xfffffff6.
According to Trend Micro, the most recent zero-day attack is probably part of an ongoing campaign against the United States and other NATO members. The spate of Java and Flash vulnerabilities discovered in the Hacking Team leak was also used by this campaign, which has been dubbed Pawn Storm. While the attacks have had a limited scope, it seems that it's just a matter of time before more attackers exploit these vulnerabilities now that they're out in the open. Be sure to update Flash, or even better, just disable it if you can.