Adobe Flash Player の脆弱性対策について(APSB16-36)(CVE-2016-7855)

【外部リンク】
Adobe Flash Player の脆弱性対策について(APSB16-36)(CVE-2016-7855)　最終更新日：2016年10月27日
https://www.ipa.go.jp/security/ciadr/vul/20161027-adobeflashplayer.html
アドビシステムズ社の Adobe Flash Player に、ウェブを閲覧することで DoS 攻撃や任意のコード（命令）を実行される可能性がある脆弱性（APSB16-36）が存在します。

【外部リンク】
https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
Security updates available for Adobe Flash Player
Release date: October 26, 2016

Vulnerability identifier: APSB16-36

Priority: 1

CVE number: CVE-2016-7855


Platform: Windows, Macintosh, Linux and Chrome OS

【外部リンク】
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7855
Description

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016.

【外部リンク】
https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/
Adobe Flash exploitation: CVE-2016-7855
Based on the analysis performed by the Windows Defender ATP Exploit research team and the Microsoft Security Response Center (MSRC), the vulnerability in Adobe Flash leveraged by STRONTIUM was found to be a use-after-free issue affecting ActionScript runtime code. Adobe has since released an update to fix this vulnerability. Microsoft is actively partnering with Adobe to implement additional mitigations against this class of exploit.

【外部リンク】
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Posted by Neel Mehta and Billy Leonard, Threat Analysis Group
On Friday, October 21st, we reported 0-day vulnerabilities — previously publicly-unknown vulnerabilities — to Adobe and Microsoft. Adobe updated Flash on October 26th to address CVE-2016-7855; this update is available via Adobe's updater and Chrome auto-update.
Posted by Neel Mehta and Billy Leonard, Threat Analysis Group
On Friday, October 21st, we reported 0-day vulnerabilities — previously publicly-unknown vulnerabilities — to Adobe and Microsoft. Adobe updated Flash on October 26th to address CVE-2016-7855; this update is available via Adobe's updater and Chrome auto-update.