Adobe releases safe announcement to put new loophole certainly.
New network client is carried in on June 8 report (Cheng Chunyu) the software Adobe FlashPlayer with netizen outfit necessary machine was discovered to exist by Tecent safety a few days ago Flash 0day flaw (CVE-2018-5002) , can be used to cause the large-scale attack that hang a horse. Adobe government confirms the existence of this flaw 7 days, upgrade Adobe FlashPlayer to 30.0.0.113 version.
Adobe installs the software with necessary machine as the netizen, its Flash Player is having wide application on the system such as Windows, Mac, flash flaw more because this becomes illegal hackers most one of loophole that often exploit.
Flaw of good to do Flash 0day (the safe defence of CVE-2018-5002) , tecent safety suggests broad netizen upgrades Flash Player to 30.0.0.113 version as soon as possible.
Tecent safety releases a technology to analyse a report to show, CVE-2018-5002 that is announced because Flash fails to handle the inn of the generation when the SWF file that includes special byte to pile up alignment correctly,be cross the border is read write flaw, at the same time of this flaw use regulation simple, an example can be in 32 to mix at the same time the stability in 64 systems moves.
Once the user nods the bait documentation of illegal hacker carelessly, can start Flash file (SWF1) downloads the Flash file that carries 0day flaw to atttack code (SWF2) . Use through this flaw, illegal hacker can realize the attack of all of pair of target computer science department easily.
Tecent safety expert points out, because Adobe Flash Player is installed almost,go up in each computer, basis before experience, often can have a large number of users and can not accomplish repair safe flaw in time. Once this flaw is a network black produce place control, produce large-scale webpage extremely likely to hang Ma Gong to attack, the consequence that cause hard beforehand appraise. (Be over)
