Adobe Updates Flash Player, Shockwave and PDF Reader

Published: 2015-07-14
Last Updated: 2015-07-14 15:15:15 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

In a warm up to patch Tuesday, it looks like we have a new version for Adobe Flash Player, Shockwave Player and PDF Reader. Given that some of the exploits against the vulnerabilities patched are public, you may want to expedite patching and review your Flash Player and browser configuration.

the latest (patched) versions are (thanks Dave!):

- Flash Player 18.0.0.209
- Flash Player EST 13.0.0.305
- Reader 10.1.15
- Reader 11.0.12
- Shockwave Player 12.1.9.159

Bulletins:

https://helpx.adobe.com/security/products/shockwave/apsb15-17.html
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://helpx.adobe.com/security/products/reader/apsb15-15.html

You can get the latest version here: https://get.adobe.com/flashplayer/ 

Also note that many browsers now allow you to disable Flash by default. You can re-enable it for sites that require Flash. Here is a nice page that will explain how to have your browser ask for permission before running plugins:

http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/

 

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

Keywords: adobe flash patch
4 comment(s)

Comments

Update for Acrobat just released, latest version 15.007.20033.
A direct link to the latest builds (for Flash anyway) for multiple OSes is here: https://www.adobe.com/products/flashplayer/distribution3.html. Adobe doesn't make this easy to find.
Yes, the Flash player update covers the 0-day found yesterday (07/13). So this update fixes 2 0-days.
The referenced HowToGeek guide missed one very good blanket approach for IE, which is to enable ActiveX Filtering, switching all ActiveX controls to a default-deny condition. A Flash site would result in a blue slashy-circle icon in the address bar, with the option to override the filtering for that visit if desired.

Diary Archives