Blog

Latest Flash Player version has improved exploit defenses

Posted by:

The Flash Player update released Tuesday not only fixed two vulnerabilities that were being targeted by attackers, but added additional protections that will make entire classes of security flaws much harder to exploit in the future.

There were three low-level defenses added in Flash Player 18.0.0.209, two of which block a technique that has been used by many Flash exploits since 2013.

The technique involves corrupting the length of an ActionScript Vector buffer object so that malicious code can be placed at predictable locations in memory and executed. ActionScript is the programming language in which Flash applications are written.

This method was used by at least two of the Flash Player exploits found among the files leaked from Italian surveillance software maker Hacking Team, as well as in two other flash zero-day exploits used by cyberespionage groups this year, researchers from Google said in a blog post Thursday.

To read this article in full or to leave a comment, please click here

0


About the Author

We offers a proactive approach to IT support, Managed IT Services, Hosted Cloud Services, and IT Project Management. We are focused on anticipating and mitigating any IT infrastructure problems you might incur. We offer the most unique blend IT project consulting, complete cloud-based services, and network/server management techniques to provide a customized solution for any size business. We are the premier provider of Managed IT Services, IT Support Services, Hosted Cloud Servers, Hosted Microsoft Exchange Email, Hosted VoIP PBX and Outsourced IT solutions. We service Texas from our main offices in Austin, Dallas, Houston and San Antonio. Our unique blend of computer networking services, cloud-based offerings, and professional IT services are provided by certified IT consulting professionals. We strive to be your one source for all technology guidance, support, hardware, software, and telephony. Using cutting edge network management tools and expertise, We will monitor your company’s network activity 24x7x365 in an effort to correct emerging issues well before they escalate to a level that forces business as usual to cease.

# #