Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ISC Stormcast For Thursday, October 27th 2016

Critical Flash Player Update APSB16-36

Published: 2016-10-26
Last Updated: 2016-10-26 17:24:26 UTC
by Johannes Ullrich (Version: 1)
3 comment(s)

Adobe today released a critical update for Flash Player. The update was released outside of Adobe's regular patch cycle. [1]

The singled vulnerability fixed by this update, CVE-2016-7855, has already been exploited in targeted attacks against Windows.

Windows, Linux and Mac versions are affected, including versions embedded in Chrome and Edge/Internet Explorer 11. 

Please expedite this update, and review that Flash does not start automatically in your browser but only if enabled by the user for a specific site. Consider removing Flash whenever possible.




Johannes B. Ullrich, Ph.D.

Keywords: adobe flash player
3 comment(s)
New VMWare Security Advisory: VMSA-2016-0017 Information Disclosure in VMWare Fusion and VMWare Tools
ISC Stormcast For Wednesday, October 26th 2016
Diary Archives