
SANS ISC: Adobe Updates Flash Player, Shockwave and PDF Reader - SANS Internet Storm Center SANS ISC InfoSec Forums


Adobe Updates Flash Player, Shockwave and PDF Reader

In a warm-up to Patch Tuesday, it looks like we have new versions of Adobe Flash Player, Shockwave Player and PDF Reader. Given that some of the exploits against the patched vulnerabilities are public, you may want to expedite patching and review your Flash Player and browser configuration.

The latest (patched) versions are (thanks Dave!):

- Flash Player 18.0.0.209
- Flash Player ESR 13.0.0.305
- Reader 10.1.15
- Reader 11.0.12
- Shockwave Player 12.1.9.159
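
An added example (not part of the original diary) of checking a software inventory against the versions listed above. It compares each install only against the fixed build of its own release branch and uses numeric comparison, so Flash 13.0.0.305 is not flagged against 18.0.0.209 and Reader 10.1.9 is not treated as newer than 10.1.15. The host names, inventory rows and status labels are constructed, and treating the major version as the branch identifier is an assumption.

```python
# Patched versions from the list above, keyed by product, then by major
# version. Assumption: the major version identifies the release branch.
PATCHED = {
    "flash player": {18: "18.0.0.209", 13: "13.0.0.305"},
    "reader": {10: "10.1.15", 11: "11.0.12"},
    "shockwave player": {12: "12.1.9.159"},
}

def parse(version):
    """'10.1.15' -> (10, 1, 15). Numeric tuples avoid the string-compare
    trap where '10.1.9' sorts after '10.1.15'."""
    return tuple(int(part) for part in version.strip().split("."))

def assess(product, installed):
    """Return 'current', 'needs-update', 'unlisted-branch',
    'unknown-product' or 'unparseable' for one installed version."""
    branches = PATCHED.get(product.strip().lower())
    if branches is None:
        return "unknown-product"
    try:
        have = parse(installed)
    except ValueError:
        return "unparseable"
    baseline = branches.get(have[0])
    if baseline is None:
        # Newer than every listed branch: nothing here to compare against,
        # so treat as current. Otherwise no fixed build is listed for it.
        return "current" if have[0] > max(branches) else "unlisted-branch"
    need = parse(baseline)
    width = max(len(have), len(need))  # pad so 11.0.12 == 11.0.12.0
    pad = lambda t: t + (0,) * (width - len(t))
    return "current" if pad(have) >= pad(need) else "needs-update"

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("ws-01", "Flash Player", "18.0.0.203"),
    ("ws-02", "Flash Player", "13.0.0.305"),
    ("ws-03", "Reader", "10.1.9"),
    ("ws-04", "Reader", "11.0.12"),
    ("ws-05", "Flash Player", "16.0.0.305"),
    ("ws-06", "Shockwave Player", "12.1.9.159"),
]

def audit(rows):
    """List every row that is not on a patched build."""
    results = [(h, p, v, assess(p, v)) for h, p, v in rows]
    return [r for r in results if r[3] != "current"]

if __name__ == "__main__":
    for host, product, version, status in audit(INVENTORY):
        print(f"{host}: {product} {version} -> {status}")
```
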

Bulletins:

https://helpx.adobe.com/security/products/shockwave/apsb15-17.html
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://helpx.adobe.com/security/products/reader/apsb15-15.html

You can get the latest version here: https://get.adobe.com/flashplayer/ 

Also note that many browsers now allow you to disable Flash by default. You can re-enable it for sites that require Flash. Here is a nice page that will explain how to have your browser ask for permission before running plugins:

http://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/

 

---
Johannes B. Ullrich, Ph.D.

Johannes

3627 Posts
ISC Handler
Update for Acrobat just released, latest version 15.007.20033.
Joey

18 Posts
A direct link to the latest builds (for Flash anyway) for multiple OSes is here: https://www.adobe.com/products/flashplayer/distribution3.html. Adobe doesn't make this easy to find.
Tom

5 Posts
Yes, the Flash player update covers the 0-day found yesterday (07/13). So this update fixes 2 0-days.
R

35 Posts
The referenced HowToGeek guide missed one very good blanket approach for IE, which is to enable ActiveX Filtering, switching all ActiveX controls to a default-deny condition. A Flash site would result in a blue slashy-circle icon in the address bar, with the option to override the filtering for that visit if desired.
R
12 Posts
