Critical Security Advisory for Adobe Flash Player (APSA15-02)

[Corrine]

Yes, expect yet another critical Flash Player update this week.

Adobe Security Bulletin:

Security Advisory for Adobe Flash Player

Release date: February 2, 2015
Vulnerability identifier: APSA15-02
CVE number: CVE-2015-0313
Platform: All Platforms

Summary

A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

Adobe expects to release an update for Flash Player during the week of February 2. For more information on updating Flash Player please refer to this post.

Affected software versions

• Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh
• Adobe Flash Player 13.0.0.264 and earlier 13.x versions
• Adobe Flash Player 11.2.202.440 and earlier versions for Linux

 

[x BlueRobot]

Has the update been released yet? I've just supposedly downloaded the latest version, and it still shows that I have 16.0.0.296.

 

[Patrick]

Has the update been released yet?

Not yet, no.

 

[Corrine]

Still waiting today too. Generally, Flash Player updates are released by early in the morning my time although it takes them a while to update the Release Notes.

So far this year, Adobe Flash Player hasn't been doing very good security wise. These were the updates for January, all with critical security updates:

January 13 (2nd Tuesday): 16.0.0.272
January 22 (out of band): 16.0.0.287
January 24 (out of band): 16.0.0.296

 

[Corrine]

Released today for those who have enabled auto-update for the Flash Player desktop runtime is version 16.0.0.305. The manual download is expected to be available tomorrow, February 5. In addition, Adobe is working to make the update available in Google Chrome and Internet Explorer 10 and 11.

The update settings for Flash Player versions 10.3 and above can found in the Advanced tab of the Flash Player Settings Manager. The locations are as follows:

• Windows: click Start > Settings > Control Panel > Flash Player
• Macintosh: System Preferences (under Other) click Flash Player
• Linux Gnome: System > Preferences > Adobe Flash Player
• Linux KDE: System Settings > Adobe Flash Player

Also note that the Flash Player Settings Manager is where to manage local settings.

Update Information:

Release date: February 2, 2015
Last updated: February 4, 2015
Vulnerability identifier: APSB15-02
CVE number: CVE-2015-0313

When available, the following are the direct download links:

• Non-IE Plugin (Opera, Firefox, Etc.): http://download.macromedia.com/get/...ensing/win/install_flash_player_16_plugin.exe
• Flash Player For Internet Explorer, Windows 7 and earlier: http://download.macromedia.com/get/...sing/win/install_flash_player_16_active_x.exe

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page from the Advanced tab of the Flash Player Settings Manager.

 

[x BlueRobot]

I'll have to update this tonight, thanks.