Adobe Issues Emergency Patch for Flash Zero-Day
Adobe has just released an update to address a vulnerability found in its Flash Player browser plug-in. In its security advisory (APSB15-14), Adobe notes that this vulnerability “is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.”
The critical flaw (CVE-2015-3113) could potentially allow an attacker to take control of the affected system. The affected software versions are the following:
- Adobe Flash Player 18.104.22.168 and earlier versions for Windows and Mac
- Adobe Flash Player Extended Support Release version 22.214.171.1242 and earlier 13.x versions for Windows and Macintosh
- Adobe Flash Player 126.96.36.1996 and earlier 11.x versions for Linux
Adobe has stated that the latest version of Flash Player Desktop Runtime for Windows and Mac (v. 188.8.131.52) will address this issue. Users who may be unsure of the version of their Flash software may use this link to check.
Adobe Flash Player on Google Chrome and Internet Explorer on Windows 8.1 and later should automatically update to the latest version. Updates, including those for Windows XP, are also available in the Adobe Flash Player Download Center. We would also recommend that users opt for automatic updates whenever possible so that their applications are updated as soon as possible.
We will update this entry should any additional information be made available.