Friday, April 21, 2017
IMPERATIVE Adobe Flash Security Update v19 0 0 226 No updates yet for AIR or Shockwave
IMPERATIVE Adobe Flash Security Update v19 0 0 226 No updates yet for AIR or Shockwave
--
HAPPY NEWS (???)
Adobe provided an emergency release of Flash v19.0.0.226 today, which patches the current zero-day exploit going on in-the-wild. You can read the Adobe Security Bulletin about it here:
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
Vulnerability Details
These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648).Whether you want to actually reinstall Flash is another matter.
CVE-2015-7645 was the security vulnerability being actively exploited on the Internet.
NOTE: Adobe AIR and Shockwave have NOT yet been updated with this patched version of Flash! Therefore, Do No Use AIR or SHOCKWAVE at this time.
As usual: Keep in mind that Adobe AIR and Shockwave both integrate Flash and remain vulnerable to its security exploits until they too are updated. In the case of Shockwave, Adobe has been outrageously lax in keeping it up-to-date. I highly recommend trashing Shockwave permanently and doubt youre going to miss it.
~ ~ ~ ~ ~
Heres something ScARy for Halloween!
Check this out.
Its from 2009.
But may be just as true today.
Research: 80% of Web users running unpatched versions of Flash/Acrobat
Happy PWNing!
--
Available link for download