Flash Player Mayhem
October 16, 2015
For the second time this week, Adobe has released a patched version of its Flash Player, addressing a zero-day exploit that was both targeted and of limited scope (for now). The new patched version is 19.0.0.226.
The first Flash update, 19.0.0.207, released on Tuesday, October 13, 2015, addressed 21 separate CVE vulnerabilities. Today's update patches 3 more.
All of these 24 CVE vulnerabilities are critical, meaning that attackers could potentially use them to take control of an affected operating system. And, ALL operating systems are affected by these vulnerabilities.
All versions of Adobe's Flash Player up to and including 19.0.0.207 on Windows and Macintosh, and 11.2.202.535 and earlier on Linux computers, are vulnerable and exploitable. Users who operate with fewer account privileges would be less at risk of automatic exploitation. However, they can still be tricked into allowing a malicious Trojan to download, or might open a booby-trapped email attachment and then input the administrator credentials to install it. In fact, this is the tactic used in targeted attacks, where a valuable recipient is personally baited to open/download and execute hostile code.
Along with Flash, Adobe Air was also updated on Oct 13, to version 19.0.0.213. If you have it installed, or even suspect that you have it, update it now, by going to https://get.adobe.com/air/. It is used in many online document creation and sharing platforms and is one of the methods cybercriminals can use to take over computers (and other devices) and to steal online documents.
Mac and Windows users can test their various browsers for the presence and version of Flash Player by visiting the Flash Player Download Center. If you have more than one browser installed, do this with each one. There are different formats of Flash for different browsers. Some, like Google Chrome and Microsoft Edge, have Flash built right into them. These browsers themselves will receive pushed updates when a new version of Flash is released. Since Microsoft Edge is part of Windows 10, the operating system itself will get these patched versions of the new browser with Windows Updates (normally running in the background by default).
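For anyone looking after more than one computer, here is an added example (not from Adobe or from this blog's original text) that checks a list of installed Flash and AIR versions against the thresholds given above. The inventory lines, host names and the "host | product | platform | version" format are constructed for illustration; note that versions are compared number by number, since comparing them as plain text would wrongly rank 19.0.0.99 above 19.0.0.207.

```python
import re

# Thresholds from the article. "last_vulnerable": that version and everything
# below it is affected. "first_patched": everything below it is affected.
BASELINES = {
    ("flash", "windows"): ("last_vulnerable", "19.0.0.207"),
    ("flash", "mac"):     ("last_vulnerable", "19.0.0.207"),
    ("flash", "linux"):   ("last_vulnerable", "11.2.202.535"),
    ("air", "*"):         ("first_patched", "19.0.0.213"),
}

# Constructed sample inventory (assumed format: host | product | platform | version).
SAMPLE_INVENTORY = """
ws-01  | flash | windows | 19.0.0.226
ws-02  | flash | windows | WIN 19,0,0,207
ws-03  | flash | windows | 19.0.0.99
mac-01 | flash | mac     | 19.0.0.185
lx-01  | flash | linux   | 11.2.202.535
ws-04  | air   | windows | 19.0.0.213
ws-05  | air   | windows | 18.0.0.199
ws-06  | flash | windows | unknown
"""

def parse_version(text):
    """Turn '19.0.0.207' or Flash's own 'WIN 19,0,0,207' into a tuple of ints."""
    m = re.search(r"\d+(?:[.,]\d+){1,3}", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    parts = [int(p) for p in re.split(r"[.,]", m.group())]
    return tuple(parts + [0] * (4 - len(parts)))

def is_vulnerable(product, platform, version_text):
    """True/False per the article's thresholds; None if it gives no threshold."""
    rule = BASELINES.get((product, platform)) or BASELINES.get((product, "*"))
    if rule is None:
        return None
    kind, threshold = rule
    installed, limit = parse_version(version_text), parse_version(threshold)
    return installed <= limit if kind == "last_vulnerable" else installed < limit

def audit(inventory_text):
    """Return (host, product, version, status) for every entry needing attention."""
    findings = []
    for line in inventory_text.strip().splitlines():
        host, product, platform, version = [f.strip() for f in line.split("|")]
        try:
            verdict = is_vulnerable(product.lower(), platform.lower(), version)
        except ValueError:
            verdict = None  # unreadable version: check that machine by hand
        if verdict is not False:
            findings.append((host, product, version, "VULNERABLE" if verdict else "UNKNOWN"))
    return findings
```

Entries with an unreadable version are reported as UNKNOWN rather than silently passed, so those machines still get checked by hand.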
In addition to Flash and Air, Adobe has also released patched versions of its PDF readers and writers. All versions of Adobe Reader and Acrobat have been updated to plug several dozen critical and priority 2 vulnerabilities. The desktop Reader is now at version 11.0.13. Use the automatic updater in your Acrobat or Reader program, or visit the Adobe Reader Download page to update manually.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.