Adobe Flash Player Update Released, Fixing CVE 2015-0313
An update has been released for Adobe Flash that fixes according to Adobe the recently discovered and exploited vulnerability CVE-2015-0313. Currently, the new version of Flash Player is only available as an auto-install update, not as a standalone download. To apply it, you need to check for updates within Adobe flash. (personal note: on my Mac, I have not seen the update offered yet).
The new Flash player version that fixes the problem is 16.0.0.305. The old version is 16.0.0.296.
Adobe updated its bulletin to note the update: https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
×
Diary Archives
Comments
Let's just go ahead and start the countdown clock until the next one happens. I've been Flash free for about a week, and have had a surprisingly good experience other than a few news sites that insist on using Flash for video. I manage my security devices via their management program, and their formerly Flash dependent web interface is not in Flash anymore.
A few year ago, I could not have done this for this long. I realize others are not there.
I'm just worried these jerks have a stack of zero days that they're holding back for release. Having the world as your oyster for 10 odd days must really make these guys happy. Anyway, time will tell.
Yes, I'm jaded, but the eventual death of Flash is imminent. I will be doing everything in my power to help that process along. Boycotting Flash will force the web sites using it to change. Also, shame on these advertising server farms as you are wrecking havoc with your lax policies.
Anonymous
Feb 5th 2015
9 years ago
Let's just go ahead and start the countdown clock until the next one happens. [/quote]
Well, keep the "update" button handy... As said in earlier posts this is the "new preferred" methodology of attacks. As you see "cup of joe" (java) attacks reduce, these WILL continue. <sigh>
Of course this would change if ALL, repeat ALL software distribution organizations actually did better testing. We have seen this with MS and their past failed update record. Sad, if we wrote code for a company, how long do you think we would have a seat?
[quote] Boycotting Flash will force the web sites using it to change.[/quote]
Good luck with that!!!
P.S. Dr. "J" time to update the Sonic Wall information???
ICI2I
Anonymous
Feb 5th 2015
9 years ago
Anonymous
Feb 5th 2015
9 years ago
Anonymous
Feb 5th 2015
9 years ago
Anonymous
Feb 5th 2015
9 years ago
I've tried to go Flash free in the past, and this is the longest I've ever made it. I don't really care about it anymore. I had to reimage one of my fully patched PCs back in late December after using Internet Explorer(Up to date)very briefly where I don't run all of the ad blocking stuff that I run on my main browser. After analyzing my security, Flash was the only culprit or some other unknown IE exploit that could have possibly done it. I have further locked down things even tighter since then.
Ditching Flash is just another part of it. If this keeps up, I may only surf the web in a VM.
Anonymous
Feb 5th 2015
9 years ago
- Snuffy -
Anonymous
Feb 5th 2015
9 years ago
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
The advisory indicates this latest version addresses CVE-2015-0313 through CVE-2015-3030 inclusive.
That's 18 CVE's!
Anonymous
Feb 5th 2015
9 years ago
Great idea or Onion... Shut down.. Poof.. gone! :o
Anonymous
Feb 5th 2015
9 years ago
http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe provided the latest 16.0.0.305 uninstaller.
while telling on their download page for Flash it has been updated to 16.0.0.305, they still deliver 296 in the *.exe files, version with holes not fixed. only the *.msi contain the updated .305 update.
http://www.adobe.com/products/flashplayer/distribution3.html
Just tested - this is simply not acceptable.
Anonymous
Feb 6th 2015
9 years ago