Adobe Patches 13 Vulnerabilities in Flash Player

[RV_]

13 serious vulnerabilities in Flash were patched. For a change these were not being publicly exploited yet. But whenever patches are released for Flash Player, Adobe Reader, MS Windows, OSX, or other most used software the bad guys can reverse engineer the patches. So it is best to patch.

 

For Windows 7 and Vista just go to the control panel, click on your flash icon, and select the tab for updates.

 

For Windows 8/8.1 we just wait for MS to provide the upgrade in a Windows update patch. I would expect one today or tomorrow.

 

Today is Windows old traditional second Tuesday of the month update day. They are going to move away from that and start sending out updates as they are completed. This is a good thing in that we don't have a waiting period for known vulnerabilities waiting for the next month's second Tueasday.

 

Excerpt:

 

"Adobe today released another sizeable security update for Flash Player, patching 13 vulnerabilities. None of the security issues are being publicly exploited, Adobe said. All of them, however, expose Flash Player to remote attacks that would give a hacker access to the underlying system."

 

The most severe vulnerabilities impact Flash Player for Windows (including Flash Player for Internet Explorer 10 and 11 running on Windows 8 and 8.1), Mac OS X and Linux. The majority of the bugs patched today involve memory corruption issues that can be leveraged in other attacks. Those include: a memory address randomization issue of the Flash heap for Windows 7 64 bit; stack and integer overflows, and memory corruption vulnerabilities that lead to code execution; and four use-after-free vulnerabilities and a memory leak issue that lead to code execution or a bypass of Address Space Layout Randomization (ASLR)."

 

The whole article with more detail is here: https://threatpost.com/adobe-patches-13-vulnerabilities-in-flash-player/113222#sthash.s8G4gmFd.dpuf

[rvpopeye]

Flashplayer patched today

18.0.0.194

Hot n Buttered get it while it's still hot !

[RV_]

Get this one fast.

 

Excerpt:

 

"Adobe today released an out-of-band patch for a Flash Player zero-day vulnerability being used in targeted attacks by an APT gang known for its storehouse of exploits targeting unpatched browser-based vulnerabilities.

 

The group, named by FireEye as APT3 and responsible for the so-called Clandestine Fox operation, has been exploiting the latest Flash zero day since early this month via phishing emails targeting aerospace and defense, construction and engineering, high tech, telecommunications, transportation organizations."

 

The whole article and how serious is here: https://threatpost.com/emergency-adobe-flash-patch-fixes-zero-day-under-attack/113434

[Biker56]

I get this when trying to download.

 

Secure Connection Failed

An error occurred during a connection to admdownload.adobe.com. SSL received a record with an incorrect Message Authentication Code. (Error code: ssl_error_bad_mac_read)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

 

On retry

C:\Users\TRIKE_~1\AppData\Local\Temp\3x4YbZJ7.exe.part could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.

 

On edit I finally got it after a PC reboot and 3-4 more try's on the desktop.

Laptop got it right away no problem

[docj]

The Windows 8.1 update appears to be available.

[Zulu]

13 serious vulnerabilities in Flash were patched.

 

Only 13? Not bad for Adobe.

[RV_]

Zulu, that was 9 June, The new emergency patch was released yesterday, 23 June. Get those too ASAP.