Adobe release emergency Flash patch

Adobe has released an emergency patch for Flash Player after the security company F-Secure discovered a previous fix had failed to address the root of the problem.

F-Secure discovered the flaw during analysis of an exploit that made use of the exploit kit Angler, having been tipped off by the independent security researcher Kafeine.

Timo Hirvonen, senior researcher at F-Secure, said: "We considered the possibility that maybe the latest patch prevented the exploit from working and the root cause of the vulnerability was still unfixed so we contacted the Adobe Product Security Incident Response Team.

"They confirmed our theory and released an out-of-band update to provide additional hardening against a vulnerability in the handling of a de-referenced memory pointer that could lead to code execution."

Kafeine claimed that Angler was already exploiting the flaw by October 21, with the vulnerability also being abused by the exploit kits Astrum and Nuclear.

Adobe recommends that users update their Flash Players to the latest versions, and have released more details on operating system specifics via a security bulletin.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing