Skip to comments.
Adobe Patches Flash Flaw Targeted by Exploit in the Wild
Intego.com ^
| April 14th, 2015
| by Derek Erwin
Posted on 04/14/2015 8:34:23 PM PDT by Swordmaker
Adobe Systems has released a patch for 22 vulnerabilities in Flash Player, one of which is reportedly under attack by an exploit that exists in the wild. The most critical vulnerability, CVE-2015-3043, could lead to code execution. Adobe's Flash Player security updates are available for Macintosh, Windows and Linux.
"Adobe is aware of a report that an exploit for CVE-2015-3043 exists in the wild, and recommends users update their product installations," said Adobe. If you reached this page because you're unsure if a popup alert from Adobe is real, take a look at our helpful guide for best practices how to safely install and update Adobe Flash Player.
Affected software versions (now out of date and vulnerable) include: Adobe Flash Player 17.0.0.134 and earlier versions, Adobe Flash Player 13.0.0.277 and earlier 13.x versions, and Adobe Flash Player 11.2.202.451 and earlier 11.x versions.
Adobe's security buletin describes the vulnerabilities patched in these updates as follows:
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, CVE-2015-3043).
- These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-0356).
- These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2015-0348).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0349, CVE-2015-0351, CVE-2015-0358, CVE-2015-3039).
- These updates resolve double-free vulnerabilities that could lead to code execution (CVE-2015-0346, CVE-2015-0359).
- These updates resolve memory leak vulnerabilities that could be used to bypass ASLR (CVE-2015-0357, CVE-2015-3040).
- These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2015-3044).
Adobe Flash users running Mac OS X and Windows computers should update to Adobe Flash Player 17.0.0.169 (14.9 MB) as soon as possible to avoid potential attacks. Linux users should update to Adobe Flash Player 11.2.202.457.
Adobe Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Flash Player 17.0.0.169. Moreover, Adobe Flash installed with Internet Explorer (IE) for Windows 8.x will automatically be updated to the latest version when available, which will include Adobe Flash Player 17.0.0.169.
In addition to patching Flash Player vulnerabilities, Adobe has also released security updates for ColdFusion and Adobe Flex—each addressing a separate vulnerability.
TOPICS: Business/Economy; Computers/Internet
KEYWORDS: adobe; computers; computing; macpinglist; windowspinglist
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-46 next last
To: Swordmaker
Adobe Flash is probably the worst offender when it comes to problems with most browsers.
21
posted on
04/14/2015 9:58:25 PM PDT
by
Larry381
(In a time of universal deceit, telling the truth is a revolutionary act)
To: Swordmaker
That does explain why my system automatically updated to Adobe Flash 17.0.0.169 (both the regular version and the version that comes with Google Chrome 42.0).
22
posted on
04/14/2015 10:02:12 PM PDT
by
RayChuang88
(FairTax: America's economic cure)
To: Larry381
I’m a little on the . . . .make that a lot on the computer illiteracy side. What happens if I would just delete the Flash?
23
posted on
04/14/2015 10:04:34 PM PDT
by
Maudeen
To: Swordmaker
I have Avast and it lists the software and says all are up to date. Listed is Flash Active X and Flash Plugin whatever they are. Should I delete either one of them?
24
posted on
04/14/2015 10:08:20 PM PDT
by
Maudeen
To: Maudeen
I have Avast and it lists the software and says all are up to date. Listed is Flash Active X and Flash Plugin whatever they are. Should I delete either one of them? Check the article for the correct version number for your computer and see if they match your Flash. You can always go in to your control panel and remove your current Flash and install one you download from Adobe's official site. That should guarantee you've got the right one.
The Adobe Flash Download page is here: Official Adobe Flash Downloader OS Selection Page
25
posted on
04/14/2015 10:26:07 PM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
To: Maudeen
I have Avast and it lists the software and says all are up to date. Listed is Flash Active X and Flash Plugin whatever they are. Should I delete either one of them? Some versions of Windows are set to automatically keep Flash updated. . . so you may be OK. . . but CHECK to be sure.
26
posted on
04/14/2015 10:27:12 PM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
To: Swordmaker
Ok. . . thanks for taking the time to help this senior citizen out!
27
posted on
04/14/2015 10:29:30 PM PDT
by
Maudeen
To: Maudeen
I’m a little on the . . . .make that a lot on the computer illiteracy side. What happens if I would just delete the Flash? You would not be able to see some videos on certain websites, some websites would not work that use Flash animations or scripts, all FLASH games would not work (there are a lot on Facebook), and you wouldn't be vulnerable to the next bi-weekly Flash exploits trying to steal your identity. ;^)
28
posted on
04/14/2015 10:32:00 PM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
To: rarestia; Swordmaker
>
*facepalm* Why is Flash allowed to continue to exist? I wish everyone would just move to HTML5 and be done with it. Me too. Why it continues is sad but simple: It's still making money (as Swordmaker said) and there's still a ton of it that people love to watch.
Makes me crazy.
29
posted on
04/14/2015 10:32:14 PM PDT
by
dayglored
(Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)
To: Swordmaker
FYI - Adobe's web site is experiencing a partial outage. I tried to update an end user's Flash an hour sgo, and the download page is down. Problem solved. LOL
30
posted on
04/14/2015 10:38:24 PM PDT
by
Viking2002
(The Avatar is back by popular request.)
To: Swordmaker
> buffer overflow
> use-after-free
> memory leak
It’s a laundry list of the most basic programming errors. Are 12-year-olds writing the code? Something is very, very wrong at Adobe. There’s no excuse for this.
31
posted on
04/14/2015 10:41:58 PM PDT
by
ArcadeQuarters
("Immigration Reform" is ballot stuffing)
To: BullDog108
I am at that point myself. Between their constant vulnerability and all those viruses that pass themselves off as a Flash update. Good Riddance.
32
posted on
04/14/2015 10:44:51 PM PDT
by
Finatic
(Sometimes I think it would be nice to just get it on and get it over with. Once and for all.)
To: Viking2002
FYI - Adobe's web site is experiencing a partial outage. I tried to update an end user's Flash an hour sgo, and the download page is down. Problem solved. LOL Obviously their website runs on Flash and another exploit has been discovered. . . ;^)
33
posted on
04/14/2015 10:58:16 PM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
To: Swordmaker
LOL And you probably aren't far from the truth........
34
posted on
04/14/2015 11:01:23 PM PDT
by
Viking2002
(The Avatar is back by popular request.)
To: sparklite2
Not likely but they must have a poor bunch of programmers working for them.
35
posted on
04/14/2015 11:06:34 PM PDT
by
Deagle
(ui)
To: Swordmaker
I CHECKED. . .DON’T ASK ME HOW I FOUND IT. . .THE GOOD LORD HELPS ME IN EVERYTHING. AVAST LET ME DOWN. . .I DID NOT HAVE THE LATEST VERSION. THE FIRST TIME I TRIED IT DIDN’T WORK AND I AM GLAD IT DIDN’T SINCE I DIDN’T WANT THE GOOGLE TOOL BAR AND WHATEVER ELSE THEY WERE ADVERTISING AND HAD ALREADY CHECKED. THANKS SO MUCH FOR YOUR HELP!
36
posted on
04/14/2015 11:08:47 PM PDT
by
Maudeen
To: Maudeen
THANKS SO MUCH FOR YOUR HELP! You are very welcome, Maudeen.
37
posted on
04/14/2015 11:13:17 PM PDT
by
Swordmaker
(This tag line is a Microsoft insult free zone... but if the insults to Mac users contnue...)
To: Pride in the USA
Ask the hubby to check your Flash version and see if it needs to be updated.
38
posted on
04/14/2015 11:13:38 PM PDT
by
lonevoice
(Life is short. Make fun of it.)
To: Swordmaker
39
posted on
04/15/2015 3:33:05 AM PDT
by
glock rocks
(Whenever I find myself in a conundrum, I ask myself: What would Elvis do?)
To: Excellence
40
posted on
04/15/2015 5:04:28 AM PDT
by
Excellence
(Marine mom since April 11, 2014)
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-46 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson