Adobe corrige bug do Flash permitindo execução remota de código - Cyberscoop

Adobe corrige bug do Flash permitindo execução remota de código - Cyberscoop: Adobe has issued a patch for its Flash Player software, fixing a critical bug that would have allowed attackers to remotely execute malicious code. The company labels it as a “type confusion” vulnerability. That means that Flash Player could run a piece of code without verifying what type it is. If an unpatched version of Flash is running, an attacker could trick users into visiting a website hosting malicious code that could then run on the user’s Flash Player, as explained in a security advisory issued by Microsoft. According to SecurityWeek, the bug was originally reported by Israeli researcher Gil Dabah, who described it in a blog post on Nov. 13. It’s not clear why he disclosed publicly if a patch wasn’t ready, or why there was a week between his disclosure and the release of a patch. Adobe does not credit Dabah in its alert. Adobe Flash can be installed …

explicita