Mike Mimoso and Chris Brook discuss the news of the week, including zero day vulnerabilities–both in Adobe Flash and Windows, a nasty vulnerability in SAP business applications, Mozilla asking FBI to disclose a Tor exploit, and more. Download: Threatpost_News_Wrap_May_13_2016.mp3 Music by Chris Gonsalves

As promised earlier this week, Adobe today released an updated version of Flash Player that includes a patch for a zero-day vulnerability. Adobe said it is aware of the existence of a public exploit for CVE-2016-4117, but said the flaw has not been publicly attacked. The vulnerability affects Flash Player versions 21.0.0.226 and earlier on Windows,...

Adobe rolled out security updates for three of its products on Tuesday, including 95 fixes it pushed for Acrobat, Reader, and ColdFusion. Users will have to wait until later this week, however, to patch a critical vulnerability that exists in Flash Player. It may only be a matter of time until the vulnerability is publicly...

Adobe today patched a vulnerability in the Adobe Analytics AppMeasurement for Flash library, which can be added to Flash projects to measure the usage of Flash-based content. The vulnerability is a DOM-based cross-site scripting flaw that can be abused for cookie theft, said researcher Randy Westergren Jr., who privately disclosed the issue to Adobe. Unlike...

Exploits for a zero-day vulnerability in Adobe Flash Player are being aggressively distributed in two exploit kits. The zero day, meanwhile, was patched by Adobe in an emergency update released Thursday night. Attackers are using the previously unpatched flaw in the maligned Flash Player to infect victims with either Locky or Cerber ransomware. Locky is a relatively...

Adobe will release an emergency Flash Player update as soon as Thursday, patching a critical vulnerability that is being publicly attacked. Adobe said the vulnerability is in version 21.0.0.197 and earlier for Windows, Mac OS X, Linux and Chrome OS. “Successful exploitation could cause a crash and potentially allow an attacker to take control of...

Apple Safari and Adobe Flash have proved to be Pwn2Own 2016’s biggest punching bags so far—hackers took down both, earning $282,500 in prizes at the first day of the annual hacking challenge in Vancouver on Wednesday. There were four successful attempts, one partial, and one failed attempt at the competition, which is held in tandem with the...

Adobe today released a new version of Flash Player that patches 18 vulnerabilities, all of which can result in remote code execution attacks. On Tuesday, Adobe pushed out security updates for Reader, Acrobat and Digital Editions, and gave users a head’s up about an upcoming Flash update. Today’s Flash release patches a host of memory-related...

Adobe today released security updates for its PDF editing and viewing products, Acrobat and Reader, and its ereader for books called Adobe Digital Editions. And while the customary Flash update is missing from today’s monthly rollout, Adobe said a new version of the software will be available “in the coming days.” Last month, Adobe patched...

Adobe today patched 17 vulnerabilities in Acrobat and Reader, all of which the vendor rated as critical and warn could allow an attacker to commandeer the underlying system. Adobe said desktop versions of Acrobat and Reader XI (11.0.13), for Windows and Macintosh, are affected, as are Acrobat and Reader DC (15.009.20077 and 15.006.30097). None of...