Adobe Patches Flash Security Flaw Under Attack in the Wild

Posted on July 8th, 2015 by

Adobe Systems has issued a mammoth security update with patches for a combined 36 vulnerabilities, one of which is currently under attack in the wild. The most critical flaw, CVE-2015-5119, could lead to code execution. Adobe’s Flash Player updates are available for Macintosh, Windows and Linux.

“Adobe is aware of a report that CVE-2015-5119 is being actively exploited in the wild,” said Adobe. As noted by Lucian Constantin over at PCWorld, cybercriminals began using the exploit just a day after it was leaked from a surveillance software developer. Constantin wrote:

The exploit was found by security researchers yesterday among the 400GB worth of files stolen recently from Hacking Team, an Italian company that develops and sells intrusion and surveillance software to government agencies.

Similarly, it took just one extra day for Adobe Systems to patch the vulnerability with today's release of Adobe Flash Player 18.0.0.203 for Mac and Windows.

Cybercriminals use exploit kits to attack known vulnerabilities in browser plug-ins, such as Flash Player and other Adobe software, and to install malware on a victim’s computer. “These attacks are typically launched from compromised websites or through malicious advertisements,” warned Constantin.

If you’re not sure whether a popup alert claiming to be from Adobe is real or fake, take a look at our handy security tips on how to safely install and update Adobe Flash.

Affected software versions — which are out of date and vulnerable to attack — include the following:

Vulnerable Adobe software versions - July 8, 2015

Adobe’s security bulletin describes the vulnerabilities patched in these updates as follows:

Adobe Flash users running Mac OS X and Windows computers should update to Adobe Flash Player 18.0.0.203 (15.6 MB) immediately to avoid potential attacks. Linux users should update to Flash Player 11.2.202.481.

Flash Player for Google Chrome and Internet Explorer will be automatically updated to the latest version, and includes the security fixes mentioned here.