Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2016-10-26 InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Critical Flash Player Update APSB16-36

Published: 2016-10-26
Last Updated: 2016-10-26 17:24:26 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

Adobe today released a critical update for Flash Player. The update was released outside of Adobe's regular patch cycle. [1]

The singled vulnerability fixed by this update, CVE-2016-7855, has already been exploited in targeted attacks against Windows.

Windows, Linux and Mac versions are affected, including versions embedded in Chrome and Edge/Internet Explorer 11. 

Please expedite this update, and review that Flash does not start automatically in your browser but only if enabled by the user for a specific site. Consider removing Flash whenever possible.




Johannes B. Ullrich, Ph.D.

Keywords: adobe flash player
1 comment(s)
New VMWare Security Advisory: VMSA-2016-0017 Information Disclosure in VMWare Fusion and VMWare Tools
ISC Stormcast For Wednesday, October 26th 2016
Diary Archives