Google security researchers reveal key flaws in Adobe Flash Player
By Chris Wood and Ian MacPhersonUpdated February 10, 2018 07:24:56A group of security researchers have uncovered a major security flaw in Adobe’s Flash Player.
The flaw was found by researchers who analysed code written in Java, one of the most widely used programming languages in the world.
The vulnerability affects Adobe’s plug-in, Flash Player, which is used on the majority of modern computers and mobile devices.
The security flaw has been published in the latest issue of the security journal Threat Research.
The bug affects Flash Player 7.0, the latest version of Adobe’s popular Flash plug-ins.
It has been discovered by security researchers who worked with a software company called Jigsaw.
“Our team has already analyzed some code written by Jigsaw, and found the vulnerability in the Flash plug in Java.
In this blog post, we describe the results of our analysis and provide details about the vulnerabilities that are currently being fixed by Adobe,” the security researchers wrote.
“We hope to share additional details about this vulnerability with the public.”
A similar vulnerability was discovered in Adobe Reader 5.5.4 and 5.6.1, which are widely used by many people to download PDFs.
The vulnerabilities have been fixed in Flash Player version 18.104.22.168 and 7.2.0 in October 2018.
The Java code was then used to exploit the vulnerability.
They then tested their Java code against a real Flash plug, and discovered that the exploit worked, allowing the attacker to obtain full control of the victim computer.
The authors did not identify which plug they were targeting, but it is likely the Adobe Flash plug.
The team also found that the vulnerability can be exploited remotely by a “scripting framework” that exploits the vulnerability by sending the victim browser an HTTP GET request.
“We believe this vulnerability can only be exploited by a scripting framework or web server that sends the victim an HTTP request,” the researchers wrote in their blog post.
“The vulnerability can also be exploited in other ways, by allowing the remote access to a remote machine via SSH, which allows the remote attacker to gain access to the machine.”
The researchers said they had not identified any of the plug-Ins affected by the bug that could be exploited.
However, they did mention that Flash Player versions 7.1.5, 7.6 and 7-7.2 are currently vulnerable to this vulnerability.
Affected plug-In versions included in the advisory include Adobe Reader, Adobe Flash, Adobe Creative Suite, Adobe Photoshop, Microsoft Office and Microsoft PowerPoint.