Security News

Adobe Patches Flash Flaw Targeted by Exploit in the Wild

Posted on April 14th, 2015 by

adobe-patched-headerAdobe Systems has released a patch for 22 vulnerabilities in Flash Player, one of which is reportedly under attack by an exploit that exists in the wild. The most critical vulnerability, CVE-2015-3043, could lead to code execution. Adobe's Flash Player security updates are available for Macintosh, Windows and Linux.

"Adobe is aware of a report that an exploit for CVE-2015-3043 exists in the wild, and recommends users update their product installations," said Adobe. If you reached this page because you're unsure if a popup alert from Adobe is real, take a look at our helpful guide for best practices how to safely install and update Adobe Flash Player.

Affected software versions (now out of date and vulnerable) include: Adobe Flash Player 17.0.0.134 and earlier versions, Adobe Flash Player 13.0.0.277 and earlier 13.x versions, and Adobe Flash Player 11.2.202.451 and earlier 11.x versions.

Adobe's security bulletin describes the vulnerabilities patched in these updates as follows:

Adobe Flash users running Mac OS X and Windows computers should update to Adobe Flash Player 17.0.0.169 (14.9 MB) as soon as possible to avoid potential attacks. Linux users should update to Adobe Flash Player 11.2.202.457.

Adobe Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Flash Player 17.0.0.169. Moreover, Adobe Flash installed with Internet Explorer (IE) for Windows 8.x will automatically be updated to the latest version when available, which will include Adobe Flash Player 17.0.0.169.

In addition to patching Flash Player vulnerabilities, Adobe has also released security updates for ColdFusion and Adobe Flex—each addressing a separate vulnerability.

Sign up For Our Newsletter

Get the latest Mac security news direct to your inbox.

{"url":"\/marketo\/json\/add-to-newsletter","data":"list_name=Blog Roadblock"}