Security News > 2017 > October > Adobe releases emergency fix for Flash Player zero-day exploited in the wild
2017-10-17 16:40
Adobe has released an out-of-band security update for Adobe Flash Player that patches a zero-day remote code execution vulnerability actively exploited in the wild. Kaspersky Lab researchers spotted the live attacks on October 10, 2017, and say that the exploit is delivered through a Microsoft Word document and deploys the most recent version of the FinSpy (aka FinFisher) commercial malware developed by Gamma International. The attack leveraging CVE-2017-11292 The researchers believe that the zero-day is … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ftGWAy6beUM/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-22 | CVE-2017-11292 | Type Confusion vulnerability in multiple products Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode verification procedure, which allows for an untrusted value to be used in the calculation of an array index. | 8.8 |