Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Adobe releases monthly updates early to patch Flash zero-day vulnerability

Adobe releases monthly updates early to patch Flash zero-day vulnerability


Adobe released its monthly security updates for January 2016 today, much earlier than its usual schedule of the middle of each month. The vendor accelerated the release of the patches due to a zero-day vulnerability in Flash Player (CVE-2015-8651) was reportedly exploited in limited targeted attacks.
 
This zero-day vulnerability affects the following Flash Player versions in Windows, Mac OS X, Linux, and Chrome OS:
 
·         Adobe Flash Player Desktop Runtime versions 20.0.0.235 and earlier for Windows and Mac
·         Adobe Flash Player Extended Support Release versions 18.0.0.268 and earlier for Windows and Mac
·         Adobe Flash Player for Google Chrome versions 20.0.0.228 and earlier for Windows, Mac, Linux, and Chrome OS
·         Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions 20.0.0.228 and earlier for Windows 10
·         Adobe Flash Player for Internet Explorer 10 and 11 versions 20.0.0.228 and earlier for Windows 8.0 and 8.1
·         Adobe Flash Player for Linux versions 11.2.202.554 and earlier for Linux
 
An attacker could exploit the vulnerability to remotely execute arbitrary code on an affected computer.
 
Users are advised to apply updates available from the Adobe Flash Player Download Center or by accepting the update prompt through their installed product.
 
Users can also fix Flash Player embedded in Chrome and Internet Explorer by updating their chosen browser.
 
Source:
 
Adode Security Bulletin
 
Team Cymru
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis