Adobe acknowledges critical remote vulnerability in Flash, exploits already in the wild
Adobe on Saturday released an updated version of its Flash player software that patches an undisclosed vulnerability which could allow remote attackers to take control of Macs or PCs, urging users to update as the problem is being actively exploited by malicious actors.

Flash versions up to and including 16.0.0.287 on OS X and Windows and 11.2.202.438 on Linux are susceptible to the attack, the cause of which has yet to be detailed. Mac users with Adobe's automatic update feature enabled should begin receiving updates to version 16.0.0.296 immediately, and the company is preparing a standalone patch for manual installation to be released this week. Adobe is also working with Google to update the embedded version of Flash included in the Chrome browser.
The vulnerability, which has been assigned CVE number 2015-0311, is "being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below," Adobe said in a security advisory. A "drive-by-download" attack is one in which software is downloaded to a user's computer without their knowledge or explicit consent.
Adobe defines CVE-2015-0311 as "critical," meaning a "vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware."
Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu. Instructions for enabling automatic updates or manually updating Flash can be found here.
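For anyone checking more than one machine, the affected-version ceilings quoted above can be applied to a list of installed versions. The following is an added example, not code from Adobe or from this article; the host names, platform labels and sample inventory are constructed, and "ok" means only that a version is above the ceiling quoted in the article.

```python
# Added example: ceilings are the "up to and including" versions quoted in the article.
AFFECTED_MAX = {
    "windows": (16, 0, 0, 287),
    "osx": (16, 0, 0, 287),
    "linux": (11, 2, 202, 438),
}

def parse_version(text):
    """Turn '16.0.0.287' (or the comma form '16,0,0,287') into a tuple of ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(platform, version):
    """True if the version is at or below the ceiling for that platform."""
    # Tuples compare numerically field by field; comparing the raw strings
    # would rank '9.0.0.999' above '16.0.0.287' and miss an old install.
    return parse_version(version) <= AFFECTED_MAX[platform.lower()]

def triage(inventory):
    """Label each (host, platform, version) row AFFECTED, ok or UNKNOWN."""
    rows = []
    for host, platform, version in inventory:
        try:
            status = "AFFECTED" if is_affected(platform, version) else "ok"
        except (KeyError, ValueError):
            # Unrecognised platform or unparseable version: check by hand.
            status = "UNKNOWN"
        rows.append((host, platform, version, status))
    return rows

# Constructed sample inventory (hypothetical hosts and, except for the
# versions named in the article, hypothetical version strings).
SAMPLE = [
    ("mac-01", "osx", "16.0.0.287"),
    ("mac-02", "osx", "16.0.0.296"),
    ("pc-01", "windows", "9.0.0.999"),
    ("pc-02", "windows", "16,0,0,287"),
    ("lin-01", "linux", "11.2.202.438"),
    ("lin-02", "linux", "not installed"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("%-8s %-8s %-14s %s" % row)
```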

Comments
The death of Flash couldn't come soon enough.
I wish Flash would just hurry up and die. I blame Google for its continued existence.
I blame Microsoft, especially as it's now a system component in Windows 8, 8.1 and 10
It's available via Windows Update on Windows 8, 8.1 and 10
EG from a quick google http://support2.microsoft.com/kb/2999249
I can see why MS decided to ship it with Windows (so at least it gets patched), but they should have just let it die
I put the blame on Adobe and "developers" that still push it to their sites. Even Apple used some Flash in MobileMe, but corrected that with their iCloud switch.
All good points.
I think BBC iPlayer still uses it for their video. Ever since Yosemite, the video freezes every minute or two for about a second. I don't know whether the blame lies with Flash, the BBC, Safari, Yosemite or my ageing iMac. I don't think it's my iMac, as video is smooth with DVDs and iTunes content.
I hate Flash.
I blame Obama.
I've been free of Flash for months and find that everything I need supports HTML5. Flash is now off my computers. I don't understand why Adobe continues to pour development money into this POS. Adobe's programmers could better spend their time working on their core apps. Flash has been the most patched and most vulnerable app I've ever encountered. I sure don't miss these constant patches.
Why?
The first troubleshooting step I'd do is see if it works fine in Chrome. If you are against a Google product in your user space then create a separate, basic account in which to test it. This is also a good way to see if it's potentially something with your user account, including corrupted PLIST files or a plug-in by also then testing it with Safari in that other, test account.
he is lampooning a type of righting American that will blame Obama for everything
try rightwing
Thanks for the tip.
The first troubleshooting step I'd do is see if it works fine in Chrome. If you are against a Google product in your user space then create a separate, basic account in which to test it. This is also a good way to see if it's potentially something with your user account, including corrupted PLIST files or a plug-in by also then testing it with Safari in that other, test account.
No, it's Flash. With Yosemite and a Flash blocker, I am seeing much more HTML5 videos pop up instead of Flash. I can use the developer setting and trick the site into thinking I'm using an iPad and HTML5 shows up. Try watching ESPN and just about every video sucks. Some of this is Flash, the rest is ESPN's servers. I'm still waiting for Netflix to drop Silverlight. Get rid of Flash and Silverlight and the world will be better off. As for using Google products, no thanks. Chrome will never touch my Macs. I'd rather use Opera on a Windows system. Even using Firefox on Windows causes problems for my in-laws with Netflix. Some add-on or default configuration causes it to not run Netflix.
Where was Google announcing these bugs before Adobe could fix them? I guess they gave up because Adobe sends out fixes every week.
Autocorrect got me.
there's nothing "correct" about being rightwing?
My version is actually 16.0.0.287, running Safari on Mac OS X Yosemite 10.10.1
So much for Adobe program quality.