View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 26, 2014

Adobe release emergency Flash patch

Previous fix had not addressed the root cause used by exploit kit Angler.

By Jimmy Nicholls

Adobe has released an emergency patch for Flash Player after the security company F-Secure discovered a previous fix had failed to address the root of the problem.

F-Secure discovered the flaw during analysis of an exploit that made use of the exploit kit Angler, having been tipped off by the independent security researcher Kafeine.

Timo Hirvonen, senior researcher at F-Secure, said: "We considered the possibility that maybe the latest patch prevented the exploit from working and the root cause of the vulnerability was still unfixed so we contacted the Adobe Product Security Incident Response Team.

"They confirmed our theory and released an out-of-band update to provide additional hardening against a vulnerability in the handling of a de-referenced memory pointer that could lead to code execution."

Kafeine claimed that Angler was already exploiting the flaw by October 21, with the vulnerability also being abused by the exploit kits Astrum and Nuclear.

Adobe recommends that users update their Flash Players to the latest versions, and have released more details on operating system specifics via a security bulletin.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.