Adobe has issued another patch to its Flash Player for a ton of security flaws. Is someone keeping a count of how many patches did Flash receive this year? Consider this a holiday gift from Adobe and please, patch right away!
Flash Player flaw being exploited in the wild:
Adobe has released an emergency security update to its Flash Player to fix multiple vulnerabilities rated as critical. One of these is a zero-day exploit that is being used in the wild. The flaw (CVE-2015-8651) affects all platforms and enables an attacker to run a code remotely, which essentially means attackers can take control of your device. Adobe claimed that the flaw is being used "in limited, targeted attacks," but users are recommended to download the updated versions right away to stay secure. This particular vulnerability was reported to the software maker by Kai Wang and Hunter Gao of Huawei's IT security department. Several other organizations and individuals were also credited with reporting the issues and working with Adobe on the fixes.
No matter which operating system you are using, you are prone to these Flash Player vulnerabilities. Adobe recommends all the users of Windows, Mac OS X, Linux, and Chrome OS to update at the earliest. This is an out-of-band security update as usually Adobe sends updates every second Tuesday of the month. Consider this another "emergency sign" and update your Flash Player to the latest version. Here are the details of 19 security flaws that have been patched in Adobe Flash Player in this emergency update:
- These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8644).
- These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).
To update, head over to this version checker, where you will be informed if you need to install the new version or not. Chrome and Edge web browsers will be updated automatically. For more details, please check the security bulletin.
- Thanks for the tip, Jesse.