Adobe released its monthly security updates for January 2016 today, much earlier than its usual schedule of the middle of each month. The vendor accelerated the release of the patches due to a zero-day vulnerability in Flash Player (CVE-2015-8651) was reportedly exploited in limited targeted attacks.
This zero-day vulnerability affects the following Flash Player versions in Windows, Mac OS X, Linux, and Chrome OS:
· Adobe Flash Player Desktop Runtime versions 184.108.40.206 and earlier for Windows and Mac
· Adobe Flash Player Extended Support Release versions 220.127.116.118 and earlier for Windows and Mac
· Adobe Flash Player for Google Chrome versions 18.104.22.168 and earlier for Windows, Mac, Linux, and Chrome OS
· Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions 22.214.171.124 and earlier for Windows 10
· Adobe Flash Player for Internet Explorer 10 and 11 versions 126.96.36.199 and earlier for Windows 8.0 and 8.1
· Adobe Flash Player for Linux versions 188.8.131.524 and earlier for Linux
An attacker could exploit the vulnerability to remotely execute arbitrary code on an affected computer.
Users are advised to apply updates available from the Adobe Flash Player Download Center or by accepting the update prompt through their installed product.
Users can also fix Flash Player embedded in Chrome and Internet Explorer by updating their chosen browser.
Adode Security Bulletin
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street