Thursday, January 22, 2015

Out of Band Adobe Flash Player Critical Security Update

Adobe Flashplayer

Adobe has released security updates for Adobe Flash Player 16.0.0.257 and earlier versions for Windows and Macintosh and Adobe Flash Player 11.2.202.425 and earlier versions for Linux.

Correction: From Threatpost, Adobe Patches One Zero Day in Flash, Still Investigating Separate Vulnerability:

"The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks."
The Threatpost article further indicated that there is no indication from Adobe officials that an update is in the works for the Angler zero-day vulnerability.
Adobe officials did not say whether there is an update in the works for the zero-day vulnerability. - See more at: http://threatpost.com/adobe-patches-one-zero-day-in-flash-still-investigating-separate-vulnerability#sthash.l1CqIaAn.dpuf
Adobe officials did not say whether there is an update in the works for the zero-day vulnerability. - See more at: http://threatpost.com/adobe-patches-one-zero-day-in-flash-still-investigating-separate-vulnerability#sthash.l1CqIaAn.dpuf
Adobe officials did not say whether there is an update in the works for the zero-day vulnerability. - See more at: http://threatpost.com/adobe-patches-one-zero-day-in-flash-still-investigating-separate-vulnerability#sthash.l1CqIaAn.dpuf



This update address a Zero-Day in Adobe Flash Player discovered by security researcher Kafeine that was being distributed through the Angler Exploit Kit (See Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK | Malware don't need Coffee.)  

The update below has been released by Adobe to address the vulnerability.  It is strongly advised that the update be applied as soon as possible.

Update Information:


Release date: January 22, 2015
Vulnerability identifier: APSB15-02

CVE number: CVE-2015-0310
Platform: All Platforms
  • Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.287.
  • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.262.
  • Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.438.
  • Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically update to the current version.

Flash Player Update Instructions

Warning:  Although Adobe suggests downloading the update from the Adobe Flash Player Download Center, that link includes a pre-checked option to install unnecessary extras, such as McAfee Scan Plus or Google Drive.  If you use the download center, uncheck any unnecessary extras.

It is recommended that you either use the auto-update mechanism within the product when prompted, or my preference, the direct download links.

    Notes:
    • If you use the Adobe Flash Player Download Center, be careful to uncheck any optional downloads that you do not want.  Any pre-checked option is not needed for the Flash Player update.
    • Uncheck any toolbar offered with Adobe products if not wanted.
    • If you use alternate browsers, it is necessary to install the update for both Internet Explorer as well as the update for alternate browsers.
    • The separate 32-bit and 64-bit uninstallers have been replaced with a single uninstaller.
    • Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.259.
    Adobe Flash Player for Android

    The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.   

    Verify Installation

    To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. 

    Do this for each browser installed on your computer.

    To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

    References






    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    No comments: