Posted on 01/25/2015 9:08:43 PM PST by Swordmaker
Adobe on Saturday released an updated version of its Flash player software that patches an undisclosed vulnerability which could allow remote attackers to take control of Macs or PCs, urging users to update as the problem is being actively exploited by malicious actors.
Flash versions up to and including 16.0.0.287 on OS X and Windows and 11.2.202.438 on Linux are susceptible to the attack, the cause of which has yet to be detailed. Mac users with Adobe's automatic update feature enabled should begin receiving updates to version 16.0.0.296 immediately, and the company is preparing a standalone patch for manual installation to be released this week. Adobe is also working with Google to update the embedded version of Flash included in the Chrome browser.
The vulnerability, which has been assigned CVE number 2015-0311, is "being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below," Adobe said in a security advisory. A "drive-by-download" attack is one in which software is downloaded to a user's computer without their knowledge or explicit consent.
Adobe defines CVE-2015-0311 as "critical," meaning a "vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware."
Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu. Instructions for enabling automatic updates or manually updating Flash can be found here.
Thanks for the ping!
Interesting. I just checked Adobe's site and it still lists 16.0.0.287 as the current version. A scan with Secunia PSI shows the latest version to be 16.0.0.296 but Adobe doesn't seem to have it.
re: Checked just now, and I have version 16.0.0.296, which I assume patched the vulnerability. - deoetdoctrinae
I used jonatron's link, now a day later, and it seems that Adobe has pushed out a beta:
Congratulations, your computer has the latest Flash Player beta version installed. (Your version 16.0.0.296 Latest version 16.0.0.287)
Thanks, Adobe - I guess . . .
I guess I'm the guinnie (sp) pig.
Be not the first by whom the new are tried,
Nor yet the last to lay the old aside.
Alexander Pope, An Essay on Criticism, 1711
http://www.quotationspage.com/quote/2031.html
Yeah, I forwarded this to my help desk kids. I’ve been letting them handle pushing out the updates.
Much fun that this happens in the middle of testing for the students. Last week, it was Java that triggered a Chrome update as well...
Thanks for the info. Maybe Adobe will get this straightened out before the next big issue pops up. ;-)
Wonder how they patch vulnerabilities without closing the bought and paid for backdoors the government asked for?
Very badly ....I mean carefully. :)
Guinea pig....squeak, squeak. :)
Lol, probably so.
I wonder how many patches have been to reopen backdoors they accidentally closed?
It would be logical for them to rewrite the software from end to end, rather than keep playing with it.
It must be a developer's nightmare by now.
So if ya see your protection pop up to update DON'T!
Like email always click thru your OWN tray icon, not a pop up.
Not to mention junk left over from earlier builds.
This is the version on Adobe website.
Version 16.0.0.287
Should I install it?
I've found that there is a check box somewhere right at the start of their download process to uncheck that eliminates the bloatware on both Windows and Mac installs. . . you have to search their page carefully to find it.
NO! Look for .296. That's the one that fixes the issue on Windows. Adobe is being its usual cart before horse's ass self. As I understand it, .296 may be listed as a BETA version.
Thanks for the ping.
Flash Player will typically update automatically, unless you tell it otherwise. My preference is set to notify but not to automatically install.
This thread is confusing...
So it’s 16.0.0296 that is really the current one that takes care of the fix?
That is what I have.
It is. If you have Flash set up for auto update, then it probably is the most current one for Windows and is the fix. Apparently they still have the old broken one on their manual download website. . . which is über dumb.
Thank you...then it’s already a done deal...and yes I do automatic updates. But when there’s a question I do check to make certain.