Corrine Posted January 22, 2015 Share Posted January 22, 2015 New Adobe Flash Zero-Day found in the Wild | Malwarebytes Unpacked Security researcher Kafeine has discovered a Zero-Day in Adobe Flash Player distributed through the Angler Exploit Kit. The information by Kafeine is at Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK | Malware don't need Coffee. 1 Quote Link to comment Share on other sites More sharing options...
Corrine Posted January 22, 2015 Author Share Posted January 22, 2015 Adobe has released security updates for Adobe Flash Player 16.0.0.257 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.425 and earlier versions for Linux. This update address the above-referenced Zero-Day. See follow-up post! It is strongly advised that the update be applied as soon as possible. Non-IE Plugin (Opera, Firefox, Etc.): http://download.macr...r_16_plugin.exe Flash Player For Internet Explorer, Windows 7 and earlier: http://download.macr...16_active_x.exe Internet Explorer, Windows 8 and above: Microsoft updated Security Advisory 2755801. If you do not have Automatic Updates enabled, the Flash Player update can be downloaded from Microsoft Security Advisory: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10: July 9, 2013. Flash Player Uninstaller: http://download.macr...lash_player.exe Quote Link to comment Share on other sites More sharing options...
Corrine Posted January 22, 2015 Author Share Posted January 22, 2015 Correction: From Threatpost, Adobe Patches One Zero Day in Flash, Still Investigating Separate Vulnerability: "The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks." The Threatpost article further indicated that there is no indication from Adobe officials that an update is in the works for the Angler zero-day vulnerability. Quote Link to comment Share on other sites More sharing options...
Corrine Posted January 25, 2015 Author Share Posted January 25, 2015 Adobe gets second Flash zero-day patch ready 2 days early! | Naked Security If you have Flash Player set to auto-update, you'll receive the update automatically. Otherwise, the stand-alone installer for version 16.0.0.296 will be available for manual download during the week of January 26. Do the following to set Flash Player to auto-update: Windows: click Start > Settings > Control Panel > Flash Player Macintosh: System Preferences (under Other) click Flash Player Linux Gnome: System > Preferences > Adobe Flash Player Linux KDE: System Settings > Adobe Flash Player Adobe Security Bulletin 2 Quote Link to comment Share on other sites More sharing options...
Corrine Posted January 25, 2015 Author Share Posted January 25, 2015 The direct download links are now available: Non-IE Plugin (Opera, Firefox, Etc.): http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_plugin.exe Flash Player For Internet Explorer, Windows 7 and earlier: http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_16_active_x.exe 3 Quote Link to comment Share on other sites More sharing options...
ebrke Posted January 27, 2015 Share Posted January 27, 2015 Interesting--after running the download from the link Corrine supplied I find that Flash on Win7 reports a higher version than Adobe is saying is current on their check-Flash-version webpage. We're nothing if not cutting edge here at SNLF. 1 Quote Link to comment Share on other sites More sharing options...
Corrine Posted January 27, 2015 Author Share Posted January 27, 2015 The About page has finally been updated: http://www.adobe.com/software/flash/about/ 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.