Adobe Patches Flash Flaw Targeted by Exploit in the Wild

Adobe Patches Flash Flaw Targeted by Exploit in the Wild
Intego.com ^ | April 14th, 2015 | by Derek Erwin

Posted on 04/14/2015 8:34:23 PM PDT by Swordmaker

Adobe Systems has released a patch for 22 vulnerabilities in Flash Player, one of which is reportedly under attack by an exploit that exists in the wild. The most critical vulnerability, CVE-2015-3043, could lead to code execution. Adobe's Flash Player security updates are available for Macintosh, Windows and Linux.

"Adobe is aware of a report that an exploit for CVE-2015-3043 exists in the wild, and recommends users update their product installations," said Adobe. If you reached this page because you're unsure if a popup alert from Adobe is real, take a look at our helpful guide for best practices how to safely install and update Adobe Flash Player.

Affected software versions (now out of date and vulnerable) include: Adobe Flash Player 17.0.0.134 and earlier versions, Adobe Flash Player 13.0.0.277 and earlier 13.x versions, and Adobe Flash Player 11.2.202.451 and earlier 11.x versions.

Adobe's security buletin describes the vulnerabilities patched in these updates as follows:

These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-0356).
These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-0348).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
These updates resolve double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359).
These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040).
These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3044).

Adobe Flash users running Mac OS X and Windows computers should update to Adobe Flash Player 17.0.0.169 (14.9 MB) as soon as possible to avoid potential attacks. Linux users should update to Adobe Flash Player 11.2.202.457.

Adobe Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Flash Player 17.0.0.169. Moreover, Adobe Flash installed with Internet Explorer (IE) for Windows 8.x will automatically be updated to the latest version when available, which will include Adobe Flash Player 17.0.0.169.

In addition to patching Flash Player vulnerabilities, Adobe has also released security updates for ColdFusion and Adobe Flex—each addressing a separate vulnerability.

TOPICS: Business/Economy; Computers/Internet
KEYWORDS: adobe; computers; computing; macpinglist; windowspinglist

Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-46 last

To: Swordmaker

I use Linux Mint and FireFox. One can use only HTML5 to view YouTube videos. It is an easy AddOn.

Good Hunting... from Varmint Al

41 posted on 04/15/2015 7:12:04 AM PDT by Varmint Al

[ Post Reply | Private Reply | To 1 | View Replies]

To: sparklite2

I’ve noticed that the weekly (it seems) Adobe update is nearly always ~16K.

It’s like they are just seeing if your ‘puter is still connected, and/or what you’ve been doing.

42 posted on 04/15/2015 8:35:39 AM PDT by Don W ( When most riot, neighborhoods and cities burn. When Whites riot, nations and continents burn.)

[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker

At least it's easy to update with yum...

sudo yum update flash-plugin
[sudo] password for zeugma:
Loaded plugins: langpacks
adobe-linux-x86_64                                                                                    | 951 B 00:00:00
livna                                                                                                 | 1.3 kB 00:00:00
rpmfusion-free-updates                                                                                | 2.7 kB 00:00:00
rpmfusion-nonfree-updates                                                                             | 2.7 kB 00:00:00
updates/21/x86_64/metalink                                                                            | 15 kB 00:00:00
No packages marked for update

43 posted on 04/15/2015 10:05:02 AM PDT by zeugma ( The Clintons Could Find a Loophole in a Stop Sign)

[ Post Reply | Private Reply | To 25 | View Replies]

To: Varmint Al

Good Hunting... from Varmint Al

Thanks for the information, Al.

44 posted on 04/15/2015 1:53:59 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)

[ Post Reply | Private Reply | To 41 | View Replies]

To: Swordmaker

I’m running 10.7.5 on a iMac.

45 posted on 04/15/2015 4:23:02 PM PDT by tubebender (Evening news is where they begin with "Good Evening," and then proceed to tell you why it isn't.)

[ Post Reply | Private Reply | To 16 | View Replies]

To: jacquej

So - in the shortest form possible, how come Adobe/Flash is such a hotbed of corruption and vulnerabilities? Are they run by former Microsoft techs? Ugh

46 posted on 04/16/2015 8:47:12 AM PDT by TheBattman (Isn't the lesser evil... still evil?)

[ Post Reply | Private Reply | To 2 | View Replies]

Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-46 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search

General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794