Adobe Issues Emergency Patch for Flash Zero-Day

Adobe has just released an update to address a vulnerability found in its Flash Player browser plug-in. In its security advisory (APSB15-14), Adobe notes that this vulnerability “is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.”

The critical flaw (CVE-2015-3113) could potentially allow an attacker to take control of the affected system. The affected software versions are the following:

Adobe Flash Player 18.0.0.161 and earlier versions for Windows and Mac
Adobe Flash Player Extended Support Release version 13.0.0.292 and earlier 13.x versions for Windows and Macintosh
Adobe Flash Player 11.2.202.466 and earlier 11.x versions for Linux

Adobe has stated that the latest version of Flash Player Desktop Runtime for Windows and Mac (v. 18.0.0.194) will address this issue. Users who may be unsure of the version of their Flash software may use this link to check.

Adobe Flash Player on Google Chrome and Internet Explorer on Windows 8.1 and later should automatically update to the latest version. Updates, including those for Windows XP, are also available in the Adobe Flash Player Download Center. We would also recommend that users opt for automatic updates whenever possible so that their applications are updated as soon as possible.

We will update this entry should any additional information be made available.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro

Adobe Issues Emergency Patch for Flash Zero-Day