1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Latest Flash Player version has improved exploit defenses

Discussion in 'Network World' started by RSS, Jul 17, 2015.

  1. RSS

    RSS New Member Member

    The Flash Player update released Tuesday not only fixed two vulnerabilities that were being targeted by attackers, but added additional protections that will make entire classes of security flaws much harder to exploit in the future.

    There were three low-level defenses added in Flash Player, two of which block a technique that has been used by many Flash exploits since 2013.

    The technique involves corrupting the length of an ActionScript Vector buffer object so that malicious code can be placed at predictable locations in memory and executed. ActionScript is the programming language in which Flash applications are written.

    This method was used by at least two of the Flash Player exploits found among the files leaked from Italian surveillance software maker Hacking Team, as well as in two other flash zero-day exploits used by cyberespionage groups this year, researchers from Google said in a blog post Thursday.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page