Vulnerability in Adobe Flash Player 14.0.0.145 (Patched)

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Adobe would allow an attacker to bypass access restrictions, although there is no information about the vectors that could be leveraged in the breach. These are the CVE identifiers CVE-2014-0537 and CVE-2014-0539 and have been attributed to Masato Kinugawa.

The flaw, CVE-2014-4671, addressed in Adobe Flash Player 14.0.0.145, touches on validation checks of the content from JSONP callback APIs.

Many high-profile domains were affected by the flaw, including those from Google, Twitter, Instagram, Tumblr, Olark, and eBay. However, some of them have already taken the necessary measures to protect against the vulnerability. The domains from Google, Twitter and Tumblr are currently protected against this sort of attack.

Update to the latest version of Flash Player is imperative in this case. Users of Google Chrome, Internet Explorer 10 and 11 receive the new revision automatically in some cases a browser restart is required for the update to complete.

Users that do not receive the update automatically are advised to install it manually as soon as possible in order to eliminate security risks.

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Leave a Reply