Adobe has released Vulnerability-related.PatchVulnerability a priority update to plug Vulnerability-related.PatchVulnerability a critical security flaw in its popular Flash Player on Windows . As per an official announcement by the company , the latest patch will address Vulnerability-related.PatchVulnerability issues in Adobe Flash Player 29.0.0.171 and other earlier versions . The vulnerabilities , according to Adobe , are being used by hackers to embed malicious content distributed via email . Security firm Icebrg on Thursday announced Vulnerability-related.DiscoverVulnerability that a zero-day vulnerability has led to exploitation in Adobe Flash specifically targeted towards users in the Middle East . The vulnerability ( CVE-2018-5002 ) enables attackers to execute certain actions by executing code on the victims ' computers . As per the blog post , the exploit uses a Microsoft Office document for the attack . To circumvent the fact that Adobe Flash is blocked on most browsers , the exploit involves loading Flash Player from within Microsoft Office . The flaw was reported Vulnerability-related.DiscoverVulnerability by Icebrg in collaboration with Qihoo 360 Core Security . `` While this attack leveraged a zero-day exploit , individual attacker actions do not happen in isolation . There are several other behavioural aspects that can be used for detection . Any single observable might be low confidence but multiple observables clustered might be indicative of suspicious or malicious activity , '' said Icebrg staff in its blog post . Of course , this is not the first instance wherein Flash Player 's vulnerabilities have been exploited Vulnerability-related.DiscoverVulnerability . Back in October last year , the company had issued Vulnerability-related.PatchVulnerability a security patch to fix Vulnerability-related.PatchVulnerability a critical leak . Users have been strongly recommended to update Adobe Flash in order to avoid any such vulnerabilities seeping into your machines . The update , however , is not a guarantee towards protection against future discrepancies . It is thus advised to enable flash on only a secondary browser that is not used majorly on the computer .

Microsoft issued Vulnerability-related.PatchVulnerability numerous bug fixes on its most recent Patch Tuesday , but according to the security firm 0patch , there were issues with one of the flaws for a critical vulnerability . The vulnerability in question Vulnerability-related.DiscoverVulnerability , ( CVE-2018-8423 ) , is a memory corruption vulnerability that exists in Vulnerability-related.DiscoverVulnerability the Jet Database Engine that , when exploited Vulnerability-related.DiscoverVulnerability , allows for remote code execution . 0patch noticed that the patch Microsoft had issued Vulnerability-related.PatchVulnerability was flawed as a result of studying the official patch of the Jet Database Engine and a “ micropatch ” that the security researchers had created for the same flaw . They explain this revelation as follows : As expected , the update brought a modified msrd3x40.dll binary : this is the binary with the vulnerability , which we had micropatched with 4 CPU instructions ( one of which was just for reporting purposes ) . The version of msrd3x40.dll changed from 4.0.9801.0 to 4.0.9801.5 and of course , its cryptographic hash also changed - which resulted in our micropatch for this issue no longer getting applied to msrd3x40.dll . So far so good , but the problems became glaring once further analysis began : We BinDiff-ed the patched msrd3x40.dll to its vulnerable version and reviewed the differences . At this point we will only state that we found the official fix to be slightly different to our micropatch , and unfortunately in a way that only limited the vulnerability instead of eliminating it . We promptly notified Microsoft about it and will not reveal further details or proof-of-concept until they issue Vulnerability-related.PatchVulnerability a correct fix . It may be a little frustrating to not know what the problem is from a tech journalist ’ s perspective , but as I am also an “ ethical ” hacker , I totally understand the lack of disclosure on the part of both Microsoft and 0patch . If the flaw is not public knowledge and has not been patched Vulnerability-related.PatchVulnerability , it makes no sense to hand a cybercriminal the keys to Windows user ’ s machines . What this story shows is how vital the relationship between third-party security researchers and vendors . Without the due diligence of first Trend Micro ’ s ZDI discovering Vulnerability-related.DiscoverVulnerability the original flaw , and then 0patch uncovering Vulnerability-related.DiscoverVulnerability the secondary flaw in the patch , Microsoft and their customers would be exposed to hackers with bad intentions .