Journal Trax3001BBS's Journal: Adobe releases emergency Flash update 2-20-14
ASLR vastly decreases the chances that a remote-code-execution attack will succeed by loading downloaded scripts in a different memory location each time the computer is rebooted. The attackers behind the campaign discovered by FireEye found a way to bypass ASLR on computers running older software. Specifically, PCs running Windows XP, Windows 7 with the now-unsupported 1.6 version of Oracle's Java, and Windows 7 with a now out-of-date version of Office 2007 or Office 2010 don't benefit from the protection of ASLR.
http://arstechnica.com/security/2014/02/adobe-releases-emergency-flash-update-amid-new-zero-day-drive-by-attacks/
Readers should remember that versions 12.0.0.44, 11.7.700.261, or earlier of Flash, regardless of the platform they run on, contain the underlying vulnerability.
Adobe releases emergency Flash update 2-20-14 More Login
Adobe releases emergency Flash update 2-20-14
Slashdot Top Deals