Adobe Security Bulletin
Security Advisory for Adobe Flash Player
Release date: October 14, 2015
Last updated: October 15, 2015
Vulnerability identifier: APSA15-05
CVE number: CVE-2015-7645
Platforms: Windows, Macintosh and Linux
Summary
A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 19.0.0.207 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.
UPDATE: Adobe expects updates to be available as early as October 16.
Affected software versions
Adobe Flash Player 19.0.0.207 and earlier versions for Windows and Macintosh
Adobe Flash Player Extended Support Release version 18.0.0.252 and earlier 18.x versions
Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Severity ratings
Adobe categorizes this as a critical vulnerability.
fur later
My question - (beyond why we even continue to see such heavy use of Flash for anything any more) - how come Flash is apparently such an easy vector for malware? Is the Adobe team that inept? I don’t get it...
Either way, it sure makes Steve Jobs’ pontification against Flash several years ago look like genius.
So I removed adobe flash yesterday from all my browsers, today I find when trying to tune into Rush, virtually every live streaming radio requires adobe flash.
Does anyone know if there is an alternative that will work for live streaming radio.