Adobe Flash Player CVE-2014-0497


Adobe Flash Player CVE-2014-0497

Another flash exploit….

Security focus, one of the most respected sites by hackers all over the world – reports that a remote execution exploit has been detected for Adobe Flash Player. This vulnerability is affecting Windows, Mac and Linux operating systems
and the potential risk this leads to made the National Vulnerability Database* to rate it 10/10 in impact score which is an extremely high rating. *The U.S. government repository of standards based vulnerability management data

It wouldn’t be the first time Adobe team has water over their heads. Flash is used on most interactive websites not running html4 (besides Ryanair who loves Microsoft silver-light).

Remote execution exploit

Remote execution means that an evil black hat hacker, could use it to force the client application to execute calls of any types – in other words, theoretical, download and/or start an application. Web browser have increased access by default (since they kinda need to communicate over network) – what makes them even more interesting from a hacker perspective.


Illustration of remote execution

The security hole in Adobe Flash Player is now also confirmed by Adobe who have released an update of
the software where they claim it’s fixed:

Adobe has released security updates for Adobe Flash Player and earlier versions for Windows and Macintosh and Adobe Flash Player and earlier versions for Linux. These updates address a critical vulnerability that could potentially allow an attacker to remotely take control of the affected system.

CVE-2014-0497, is not the last Adobe exploit for sure.