-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2016-0140 Title: URGENT - 0 day Adobe Flash vulnerability Version history: 26.10.2016 Initial publication Summary ======= "Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address a critical vulnerability that could potentially allow an attacker to take control of the affected system." [1] Exploits for this vulnerability have been detected in the wild so CERT-EU recomends to patch this vulnerability as soon as possible. CVE number: CVE-2016-7855 Technical details ================= Adobe said the flaw is a use-after-free vulnerability. Use-after-free vulnerabilities are memory corruption issues that expose systems to code execution. Attackers exploit these vulnerabilities by attempting to access memory after it has been freed; attacks can result in a system crash or code execution [2]. Vulnerable systems ================== Adobe Flash Player Desktop Runtime 23.0.0.185 and earlier Windows and Macintosh Adobe Flash Player for Google Chrome 23.0.0.185 and earlier Windows, Macintosh, Linux and Chrome OS Adobe Flash Player for Microsoft Edge and Internet Explorer 11 23.0.0.185 and earlier Windows 10 and 8.1 Adobe Flash Player for Linux 11.2.202.637 and earlier Linux What can you do? ================ All users should update to version 23.0.0.205 on all platforms, follow the instructions in the original advisory [1]. More information ================ [1] https://helpx.adobe.com/security/products/flash-player/apsb16-36.html [2] https://threatpost.com/adobe-patches-flash-zero-day-under-attack/121567/ Best regards, CERT-EU Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJYEOmNAAoJEPpzpNLI8SVoFp4QAJIHoL8GE1AZwQmbXA5MGbc1 agi5o83r9L5Kax77RnyMiCcvb1+lRiy2zbgExGNohqfJXVxwNc5ETaz440rcYoN5 1sPZ+/xK7BywKk5jEihyEpJkMmgzdNEwrCrrlZr9b1+Zqs8LyVuBR1HI+oSyRRbC i7fmSC0WCvBFol7q6CKtKTFKzkbxH5LQ0Ss5T8F1VGoglE2Stu0y11S+t6XxStEd N4zXtlf3M7NxuYC1ZLkVU+AOlhwwg7P1QM2IloAaMxaWltBxi41XwBijfwJLzrb+ +osxZdq5WblR9kbPy9tgazSOWdlDqX1ABGZBGHe0GvK3/Zm1rb9hjVGDCqUixSWC TDuPdYGee8BdKEcWBYOE8HXCD9s/VZ4pmOWMulNZBjHWBY6pE/NStM3aMCbki7JG cCnkBx/bDwvycFabTr6mHw+NXsIWz4PfC3IamIks/sWqn9YGgPqiAqkkGp5gQ8LW E/ucXFaW4o7Kn/PqFu0wLW1tOXmZoMOt1qIxva5VIudk6HCOqdyBXI3Nf1NehC6X oZqy3Dq4clXQ/3VIr9GiTEN1iH72ppS0rvo4Lr+urhId9cc3O8LRb3wLvOw2ApgS 0U5OMBVJas4ilLK1v9I4OTBNBhsuBaNN4Oh/l9an7RavkAiZXLwPQ2JzeTkt1CIo WdnLHuivPg0YIn3dccF2 =DI26 -----END PGP SIGNATURE-----