Adobe Patches Flash Zero-Day Discovered by Google and Used in Live Attacks


October 26, 2016

Adobe today released Flash Player version 23.0.0.205, which fixes a critical security flaw discovered by two Google engineers, who say it was used in attacks against Windows users in the wild.

The technical description of this security flaw is “a use-after-free vulnerability that could lead to code execution,” which Adobe tracks under the CVE-2016-7855 identifier.

Adobe said an attacker had deployed this vulnerability as part of targeted attacks against users running Windows versions 7, 8.1 and 10.

Neel Mehta and Billy Leonard from Google’s Threat Analysis Group discovered CVE-2016-7855, which appears to have been used in limited, targeted attacks of the kind associated with cyber-espionage (APT) groups.
