A few weeks ago, Adobe has rushed out an emergency patch for a zero day vulnerability. Well, it seems that the company has just released a new security update for the mentioned software. The new release has patched 9 vulnerabilities, all of them which could allow remote code execution.
Adobe claims that it is not aware of public exploits that have been used against any of the newly patched vulnerabilities. The company has added that the desktop version 18.104.22.168 and earlier are affected on Windows OS and Mac OS platform.
Users are now advised to update the Flash Player on all platforms to version 22.214.171.124. According to the company, this was a scheduled update, while the one that the company has released a few weeks ago was an emergency one, which has patched CVE-2016-7855, an exploit that was used in limited targeted attacks.
It is good to know that Adobe has patched the Flash zero day exploit within a week after being notified. However, Google has made public the disclosed details about the vulnerability, which irritated Adobe. It is good to know that Google’s disclosure policy gives vendors 60 days to patch the critical vulnerabilities before notifying users about the risk and any ways to fix the temporarily issue(s). This policy has been published back in 2013 and it came with a seven-day deadline on critical flaws under active exploitation.
We have to agree that Adobe is currently trying to fix all the issues that it finds on Flash Player. Unfortunately, this player had some big issues in the past and we’re not sure how long it will stay alive, because HTML5 is becoming more and more popular.
Do you think that Adobe Flash Player will be replaced soon by HTML5 or it will take longer for the “old” player to “die”?
Every techie needs a pair of sick headphones. Neurogadget recommends these Audio Technica Professional Studio Monitor Headphones for both their quality and their cool-factor.