Adobe patches information leak vulnerability
Video: Your antivirus may clash with Windows Meltdown-Spectre patch
In comparison to Microsoft which is having a busy month patching due to Spectre and Meltdown, Adobe's latest patch update addresses only one vulnerability.
Security
According to a security advisory posted on Tuesday, the vulnerability is an out-of-bounds problem deemed "important."
The vulnerability, CVE-2018-4871, occurs due to a computation which reads data past the end of a target buffer. This out-of-range pointer which occurs during the read of internal data structure fields could be exploited by attackers to leak sensitive information.
The bug impacts Adobe Flash Player on Windows, Linux and Mac machines, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions 28.0.0.126 and earlier.
See also: Satori IoT botnet malware code given away for Christmas
Users are encouraged to update now and accept automatic updates.
The vulnerability was anonymously reported through Trend Micro's Zero Day Initiative.
In December, Adobe patched a single vulnerability. The business logic error security flaw, CVE-2017-11305, could be exploited to reset global settings preference files.
5 things you should know about VPNs
Previous and related coverage
CoffeeMiner hijacks public Wi-Fi users' browsing sessions to mine cryptocurrency
A new attack called CoffeeMiner can exploit public Wi-Fi services to secretly mine cryptocurrencies.
Zero-day vulnerabilities hijack full Dell EMC Data Protection Suite
Researchers have discovered severe vulnerabilities in the suite which can lead to full system takeover.
PyCryptoMiner enslaves your PC to mine Monero
The botnet's creator is quietly cashing in on the craze for cryptocurrency.