Flash users, it's time to update the plugin ASAP. Adobe has today issued an emergency security update to patch a critical vulnerability, just three days after the last update. Adobe says the vulnerability could potentially give an attacker control of an affected system.
This update will bring the Flash NPAPI plugin up to version 184.108.40.206 on Windows and OS X clients. Chrome and Edge will automatically update themselves with the latest plugins for those browsers, according to the security bulletin.
Peter Pi of Trend Micro says that, if left unpatched, this vulnerability could allow attackers to get around mitigation techniques that Adobe and Google created together. His blog post about the vulnerability goes into great detail. The basic idea is that the definition of a ByteArray in Adobe's ActionScript programming language isn't protected by these mitigation techniques. A piece of malicious code can be turned loose by using an externalizable object to set the length attribute of a ByteArray to 0xfffffff6.
According to Trend Micro, the most recent zero-day attack is probably part of an ongoing campaign against the United States and other NATO members. The spate of Java and Flash vulnerabilities discovered from the Hacking Team leak was also used by this campaign, which has been dubbed Pawn Storm. While the attacks have had a limited scope, it seems that it's just a matter of time before more attackers exploit these vulnerabilities now that they're out in the open. Be sure to update Flash, or even better, just disable it if you can.