Adobe updated Flash Player to address a Zero Day vulnerability and a critical security hole that could lead to remote code execution.

Adobe started distributing the update, version, over the weekend via the auto-update mechanism in Flash Player. In addition, Adobe sent out a standalone installer Tuesday.

This out-of-band update fixed a use-after-free vulnerability (CVE-2015-0311) that was already being exploited in attacks. Adobe also patched a double-free flaw (CVE-2015-0312) that can be exploited for remote code execution. CVE-2015-0312 was reported to Adobe by a researcher using the online moniker “bilou” via the Chromium Vulnerability Rewards Program.

Adobe advises Windows and Mac users to update their Flash Player installations to version The Adobe Flash Player Extended Support Release should update to The latest variant of Flash Player for Linux is

With the release of OS X Yosemite 10.10.2, Apple blocked all Flash Player plugins prior to versions and

CVE-2015-0311 was first discovered by French researcher Kafeine while analyzing an instance of the Angler exploit kit. This vulnerability and CVE-2015-0310, which Adobe fixed last week with an emergency patch, are being exploited by attackers using the Bedep malware.

Initially, researchers thought CVE-2015-0311 was used only in the Angler exploit kit, but they later found attackers were using it in malvertising campaigns targeting adult websites.
