Adobe, Microsoft Patch Flash Zero-Day Vulnerability

Adobe released a patch for the zero-day vulnerability that South Korea’s government announced last week.

New Flash Zero-Day

Last week, South Korea’s Internet & Security Agency (KISA) issued an alert about a Flash zero-day vulnerability that attackers were exploiting against the country’s own citizens. Flash hasn’t been much in the news lately because by now most modern browsers are blocking it by default, which means attackers can’t exploit users’ machines directly through Flash-reliant websites anymore.

However, in this case, the attackers were able to continue to exploit a new zero-day vulnerability in Flash primarily by sending email attachments that contained Word documents with embedded Flash code in them. The “use after free” (UAF) vulnerability could allow the attackers to remotely take over the infected systems.

Adobe responded at the time by saying that it’s been made aware of the bug and that it believes the bug has only been used in limited and targeted attacks against some Windows users so far. However, the bug also affected macOS and Linux users.

Adobe reminded IT administrators that starting with the previous version of Flash (v27) they could change the Flash Player’s behavior so that it prompts a user before playing SWF content. Additionally, Adobe reminded the IT administrators that they can also lock down Word documents with the Protected View, which puts docs into a read-only mode.

Patch Is Here

As it promised last week, Adobe published a security bulletin and a patch that fixes the zero-day vulnerability. The patch is also available through the latest Windows update, which was released at the same time as Adobe’s own update.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • neomatter3420
    It's almost senseless buying a 4k monitor that's only 60hz. For console players, 60hz. Can't even truly utilize PS4 pro, or Xbox one X's 4k gaming capabilities.
    Reply
  • therealduckofdeath
    If you get the 60Hz 4k monitor on a zero-day flash sale, I think it's worth it.
    (combo reply)
    Reply
  • neomatter3420
    20682029 said:
    If you get the 60Hz 4k monitor on a zero-day flash sale, I think it's worth it.
    (combo reply)

    Oh absolutely, for a good price you'd be a fool not too.
    Reply
  • cryoburner
    20681965 said:
    It's almost senseless buying a 4k monitor that's only 60hz. For console players, 60hz. Can't even truly utilize PS4 pro, or Xbox one X's 4k gaming capabilities.

    I'll bet those consoles can't even run Flash games at 4k. : 3
    Reply
  • neomatter3420
    20682309 said:
    20681965 said:
    It's almost senseless buying a 4k monitor that's only 60hz. For console players, 60hz. Can't even truly utilize PS4 pro, or Xbox one X's 4k gaming capabilities.

    I'll bet those consoles can't even run Flash games at 4k. : 3
    Probably not, I use PC and console, but PC has been beast mode compared to any "next gen" console.
    Reply
  • mihen
    I have a 4k 60hz monitor for professional use. Makes a big difference over 2k. The refresh doesn't matter when you are only staring at a single frame. Gonna jump into OLED as soon as they workout burn in and make a monitor with OLED.
    Reply
  • neomatter3420
    20683236 said:
    I have a 4k 60hz monitor for professional use. Makes a big difference over 2k. The refresh doesn't matter when you are only staring at a single frame. Gonna jump into OLED as soon as they workout burn in and make a monitor with OLED.

    I'm really excited for the rog swift pg27uq..for gaming. 165hz. 1ms , true 4k. It looks amazing. Looking at the price tag of what it might be, does not look so amazing for the wallet.

    Reply