--
The all-too-familiar story: The single most dangerous software on the Internet has been exploited in-the-wild yet-again. The exploit is of CVE-2015-8651 (not yet documented at Mitre.org as of this date).
Adobe has provided the following security updates:
Flash v20.0.0.267
AIR v20.0.0.233
Adobe's security bulletin is HERE.
Summary
Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for CVE-2015-8651 is being used in limited, targeted attacks. . . .
Vulnerability DetailsAnd as usual: If you don't need Adobe Flash, uninstall it and never reinstall it again. Adobe's instructions for uninstalling Flash are HERE. Adobe's instructions for uninstalling AIR are about halfway down the page HERE.
These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2015-8644).
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-8651).
These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645).
--