Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2015-01-24 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

"Stealth" Update for Flash from Adobe

Published: 2015-01-24
Last Updated: 2015-01-25 02:58:36 UTC
by Johannes Ullrich (Version: 1)
9 comment(s)

[Update] Adobe now updated it's advisory and confirmed that version 16.0.0.296 fixes the o-day vulnerability (CVE-2015-0311). [2][3]

Adobe apparently just released Flash version 16.0.0.296. There is nothing on Adobe's website if this is a patch. As a matter of fact, Adobe still lists 16.0.0.287 as the most recent version [1]. You can download 16.0.0.296 if you manually check for updates using Flash.

This article will be updates as we learn more. I have NO IDEA if this new version fixes the current vulnerability, but given that this is a surprise weekend release, chances are that it was released in response to the vulnerability. Apply this update at your own risk.

Thanks to Christopher for noticing!

[1] http://www.adobe.com/software/flash/about/

[2] http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

[3] http://blogs.adobe.com/psirt/?p=1160

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords:
9 comment(s)
Diary Archives