Adobe Updates Flash Player to Fix Critical Vulnerability

Adobe may have deprecated Flash in favor of HTML5, but that doesn't mean everyone has stopped using it, nor have hackers stopped looking for vulnerabilities in it.

Adobe released a new critical security update on Thursday which fixes a zero-day flaw in Adobe Flash Player. According to the release notes, the vulnerability could be exploited to "cause a crash and potentially allow an attacker to take control of the affected system".

Adobe says that the exploit is in use by hackers, and they're not kidding. Apparently the vulnerability was identified by a researcher who found it in a malware toolkit last week:

The Angler exploit kit is one of the most popular crimeware kits and according to the French security researcher Kafeine it was enriched with a fresh Adobe Flash zero-day vulnerability. Kafeine has discovered a new variant of the Angler exploit kit that exploits three different vulnerabilities in Flash Player, including the zero-day flaw for the latest version of Flash (version 16.0.0.257) in several versions of Internet Explorer running on Windows 7 and Windows 8.

The security hole affects computers running Linux, OS X, and Windows, although the researchers have only identified the exploit being used against computers running Windows XP, 7, and 8. But since it's already being actively exploited, you're definitely going to want to update Flash Player.

If you have automatic updates enabled then Adobe will be rolling the update out to you. But just to be safe, you should probably check with Adobe and see if you have the latest version of Flash Player for your system.

According to this page, I'm good. Are you?

You can download the update here.

Adobe via Security Affairs

image by smswigart

Nate Hoffelder


4 Comments

  1. Sarah Grendel 26 January, 2015

    I’m confused. When I checked the link you give to identify my version of flash player, I’m told that I have 16.0.0.296. Wouldn’t that be more advanced than the 16.0.087?

    1. Nate Hoffelder 26 January, 2015

      According to Adobe’s notice, x.296 is the version which has been patched. You already got the update.

      1. Sarah Grendel 26 January, 2015

        Super! Thanks for confirming.

  2. […] Luckily the hackers were not interested in infecting everyone, but that doesn't change the fact that they were still able to use weak security on the Forbes website and a previously unknown Adobe Flash security hole to potentially infect millions of computers. (That Flash security hole, in case you were wondering, was patched in January.) […]
