
Several days ago, we talked about how Adobe Flash Player is one of the most exploited technologies around the globe. Now, another Flash Player vulnerability has been exposed, further proving the point that the technology is far from being secure.

On May 10, Adobe announced on its website that it had discovered a critical vulnerability in Flash Player and earlier versions for Windows, Macintosh, Linux, and Chrome OS. This vulnerability (identified as CVE-2016-4117) can cause users’ systems to crash when it is successfully exploited. It can even allow hackers to take full control of affected systems, which can then lead to the installation of ransomware (which forces people to pay the hackers if they want to get their data back).

Adobe notes that the vulnerability was reported by Genwei Jiang of FireEye, Inc. The provider also acknowledges that an exploit for the vulnerability already exists in the wild, meaning that users who are running Adobe Flash Player or earlier versions may be targeted by hackers at any time. Adobe promises to fix this vulnerability through its monthly security patch, which will be released soon.

Aside from the Flash Player vulnerability, Adobe has also announced that it is releasing security updates for its other products. One of these updates targets Adobe Acrobat and Reader and will fix critical vulnerabilities in these products that expose users to security threats. The update is made for users who are on Acrobat DC and Acrobat Reader DC (Continuous) version 15.010.20060 and earlier versions, Acrobat DC and Acrobat Reader DC (Classic) version 15.006.30121 and earlier versions, and Acrobat XI and Reader XI (Desktop) version 11.0.15 and earlier versions.

Another update provides hotfixes for ColdFusion versions 10 (Update 18 and earlier versions) and 11 (Update 7 and earlier versions) as well as the 2016 release for all platforms. Specifically, these hotfixes solve a range of problems, including input validation and a host name verification problem with wildcard certificates.

To take advantage of these hotfixes, users need to update their ColdFusion installation. Those who are on ColdFusion 10 should download Update 19, while those who are on ColdFusion 11 should get Update 8. Those who are using the 2016 release of ColdFusion should obtain Update 1. Users also need to follow the recommended security configuration settings for the ColdFusion product that they use and follow the respective Lockdown Guides to improve the security of their ColdFusion servers.