Adobe Flash Player CVE-2014-0497

 


Another Flash exploit…

SecurityFocus, one of the sites most respected by hackers all over the world, reports that a remote execution exploit has been detected for Adobe Flash Player. This vulnerability affects Windows, Mac and Linux operating systems, and the potential risk it carries led the National Vulnerability Database* to rate it 10/10 in impact score, which is an extremely high rating.

*The U.S. government repository of standards-based vulnerability management data

It wouldn’t be the first time the Adobe team has been in over their heads. Flash is used on most interactive websites not running HTML4 (besides Ryanair, who love Microsoft Silverlight).

Remote execution exploit

Remote execution means that an evil black hat hacker could use it to force the client application to execute calls of any type; in other words, theoretically, to download and/or start an application. Web browsers have increased access by default (since they kinda need to communicate over the network), which makes them even more interesting from a hacker's perspective.

Source: http://www.cioinsight.com/c/a/Security/Microsoft-Security-Vulnerability-Report-How-to-Mitigate-Risk-729231/

Illustration of remote execution

The security hole in Adobe Flash Player has now also been confirmed by Adobe, who have released an update of the software in which they claim it’s fixed:

Adobe has released security updates for Adobe Flash Player 12.0.0.43 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.335 and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system.

CVE-2014-0497 is not the last Adobe exploit, for sure.
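To check which machines fall inside the "and earlier" ranges in the Adobe text quoted above, here is a small triage script. It is an added example, not code from Adobe or the original post; the `host platform version` inventory format and the host names are assumptions made for illustration.

```python
# Added example: flag Flash Player installs covered by the advisory quoted above.
# Thresholds come from the quoted Adobe text; the inventory format is an assumption.

# Highest affected version per platform, as stated in the quoted advisory.
LAST_AFFECTED = {
    "windows": (12, 0, 0, 43),
    "macintosh": (12, 0, 0, 43),
    "linux": (11, 2, 202, 335),
}

def parse_version(text):
    """Turn '12.0.0.43' into a 4-tuple of ints; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def is_affected(platform, version_text):
    """True/False per the 'and earlier' wording; None if it cannot be decided."""
    limit = LAST_AFFECTED.get(platform.strip().lower())
    version = parse_version(version_text)
    if limit is None or version is None:
        return None
    # Tuple comparison is numeric per component, so 11.2.202.99 < 11.2.202.335.
    return version <= limit

def triage(inventory_lines):
    """Map each 'host platform version' line to a verdict string."""
    labels = {True: "affected", False: "not-affected", None: "unknown"}
    report = {}
    for line in inventory_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip lines that do not match the assumed format
        host, platform, version = fields
        report[host] = labels[is_affected(platform, version)]
    return report

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = [
    "ws-01 windows 12.0.0.43",
    "ws-02 windows 12.0.0.44",
    "mac-01 macintosh 11.9.900.170",
    "lnx-01 linux 11.2.202.335",
    "lnx-02 linux 11.2.202.336",
    "kiosk-01 windows unknown",
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(host, verdict)
```

Hosts reported as "unknown" have an unparseable version or a platform the quoted text does not cover, and need a manual check rather than being treated as safe.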
