Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Internet Storm Center - SANS Internet Storm Center Internet Storm Center

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Latest Diaries

Critical Flash Player Update APSB16-36

Published: 2016-10-26
Last Updated: 2016-10-26 17:24:26 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

Adobe today released a critical update for Flash Player. The update was released outside of Adobe's regular patch cycle. [1]

The singled vulnerability fixed by this update, CVE-2016-7855, has already been exploited in targeted attacks against Windows.

Windows, Linux and Mac versions are affected, including versions embedded in Chrome and Edge/Internet Explorer 11. 

Please expedite this update, and review that Flash does not start automatically in your browser but only if enabled by the user for a specific site. Consider removing Flash whenever possible.




Johannes B. Ullrich, Ph.D.

Keywords: adobe flash player
1 comment(s)
New VMWare Security Advisory: VMSA-2016-0017 Information Disclosure in VMWare Fusion and VMWare Tools

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Another Day, Another Spam...
2 days ago by Xme (3 comments)

A few Mirai Updates: MIPS, PPC version; a bit less scanning
2 days ago by Johannes (2 comments)

ISC Briefing: Large DDoS Attack Against Dyn
3 days ago by Johannes (7 comments)

Request for Packets TCP 4786 - CVE-2016-6385
4 days ago by Guy (0 comments) DDoS Attack
5 days ago by Johannes (9 comments)

How Stolen iOS Devices Are Unlocked
5 days ago by Johannes (0 comments)

Malspam delivers NanoCore RAT
1 week ago by Brad (1 comment)

View All Diaries →

Latest Discussions

created 1 day ago by SYNERGYUSALLC (0 replies)

Any experience with hyper-v ram forensic?
created 5 days ago by DrGreen (0 replies)

Question about faux news websites
created 2 weeks ago by Marko (0 replies)

Event Logging Requirements
created 4 weeks ago by Circadian (4 replies)

Configuring 'cvtwin': Windows 10 and Norton 360 Premier
created 1 month ago by Anonymous (0 replies)

View All Forums →

Latest News

View All News →

Top Diaries DDoS Attack
5 days ago by Johannes (9 comments)

Critical Cisco ASA IKEv1/v2 Vulnerability. Active Scanning Detected
8 months ago by Johannes (25 comments)

How Stolen iOS Devices Are Unlocked
5 days ago by Johannes (0 comments)

New tool:
1 week ago by Jim (4 comments)

The Short Life of a Vulnerable DVR Connected to the Internet
3 weeks ago by Johannes (8 comments)