Researchers at FortiGuard Labs recently discovered another heap overflow vulnerability in the Adobe Flash Player. The vulnerability (CVE-2015-5129) is similar to a larger group of security issues found in Flash Player, which could be exploited to allow remote code execution on the host system. Although security researchers have not observed active exploits for this particular vulnerability in the wild, several products that incorporate Flash were found to contain the vulnerability. One example is the Google Chrome browser. Additionally, the vulnerability could affect mobile developers on both Android and Apple iOS if Adobe AIR SDK & Compiler 18.104.22.168 has been used. Perhaps more importantly, many active exploits have been developed for similar vulnerabilities, making future exploit development more straightforward. Adobe has not only patched this vulnerability very quickly but has also implemented layers of security, including the Adobe Sandbox, in recent versions of Flash that make it far more difficult to compromise a system by exploiting Flash.
Adobe Security Bulletin
The information provided herein is on an "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)