Adobe rolled out patches for four vulnerabilities in Adobe Experience Manager, the first time since January its monthly patch release cycle has not included a Flash Player security update.
Starting next year, Firefox users who navigate to pages that contain Flash will be asked their consent before activating the plugin. The move, long expected, comes as developers seek to curb usage of Flash in everyday web browsing.
The ScarCruft APT gang has made use of a Flash zero day patched Thursday by Adobe to attack more than two dozen high-profile targets in Russia and Asia primarily.
Adobe is expected to this week patch a Flash Player vulnerability being exploited in targeted attacks.
The Angler Exploit Kit is exploiting the latest Flash zero day and is moving Dridex banking malware. The Magnitude and Neutrino exploit kits have also integrated the 0day.
Mike Mimoso and Chris Brook discuss the news of the week, including zero day vulnerabilities–both in Adobe Flash and Windows, a nasty vulnerability in SAP business applications, Mozilla asking FBI to disclose a Tor exploit, and more.
Adobe pushed out an emergency Flash Player update, patching a zero-day vulnerability. Adobe said a public exploit exists for CVE-2016-4117.
Adobe pushed out 95 fixes for Acrobat, Reader, and ColdFusion on Tuesday and simultaneously warned about a zero day vulnerability in Flash it plans to patch on Thursday.
Adobe today patched a DOM-based cross-site scripting vulnerability in the Adobe Analytics AppMeasurement for Flash library.
Exploits for an Adobe Flash Player zero day vulnerability have been folded into two exploit kits that are distributing ransomware to infected machines.