Adobe has issued an update to plug security holes in its Flash Player software this week including fixes for at least 17 vulnerabilities in the program and in Adobe Air.
With Flash being among the top exploits in the wild we strongly recommend you uninstall Adobe Flash when possible. Should you need Flash for specific functions we recommend using a secondary browser with Flash enabled while leaving it disabled in your primary browser.
Adobe on Monday released security updates across multiple platforms that address vulnerabilities in Flash and AIR, some of which are deemed critical. Users should download the updates immediately.
Adobe released Flash Player and AIR updates that address 35 bugs, some of which could be exploited by an attacker to take control of a vulnerable system.
Windows and Macintosh users should update Flash Player to version 188.8.131.52
Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit.
The remote code execution vulnerability (CVE-2015-3113) allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP. Windows 7 Users and XP Users (And we hope you are not one…) need to ensure they are up to date with Adobe Flash patches.
Adobe has published a Security Bulletin for the Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3113). The new Security Bulletin, APSB15-14, identifies a heap buffer overflow vulnerability which affects various versions of Adobe Flash Player across multiple platforms. Exploitation of this critical vulnerability could allow an attacker to remotely execute arbitrary code. Adobe has acknowledged reports of this vulnerability being exploited in the wild in limited targeted attacks.
The following versions of Adobe Flash Player are vulnerable:
- Adobe Flash Player 184.108.40.206 and earlier versions for Windows and Mac OS X
- Adobe Flash Player Extended Support Release version 220.127.116.112 and earlier 13.x versions for Windows and Mac OS X
- Adobe Flash Player 18.104.22.1686 and earlier 11.x versions for Linux