Adobe patches information leak vulnerability

The bug impacts Windows, Mac, and Linux machines.

Video: Your antivirus may clash with Windows Meltdown-Spectre patch

In comparison to Microsoft which is having a busy month patching due to Spectre and Meltdown, Adobe's latest patch update addresses only one vulnerability.

According to a security advisory posted on Tuesday, the vulnerability is an out-of-bounds problem deemed "important."

The vulnerability, CVE-2018-4871, occurs due to a computation which reads data past the end of a target buffer. This out-of-range pointer which occurs during the read of internal data structure fields could be exploited by attackers to leak sensitive information.

The bug impacts Adobe Flash Player on Windows, Linux and Mac machines, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions 28.0.0.126 and earlier.

See also: Satori IoT botnet malware code given away for Christmas

Users are encouraged to update now and accept automatic updates.

The vulnerability was anonymously reported through Trend Micro's Zero Day Initiative.

In December, Adobe patched a single vulnerability. The business logic error security flaw, CVE-2017-11305, could be exploited to reset global settings preference files.

Previous and related coverage

    CoffeeMiner hijacks public Wi-Fi users' browsing sessions to mine cryptocurrency

    A new attack called CoffeeMiner can exploit public Wi-Fi services to secretly mine cryptocurrencies.

    Zero-day vulnerabilities hijack full Dell EMC Data Protection Suite

    Researchers have discovered severe vulnerabilities in the suite which can lead to full system takeover.

    PyCryptoMiner enslaves your PC to mine Monero

    The botnet's creator is quietly cashing in on the craze for cryptocurrency.