Friday, October 16, 2015

IMPERATIVE Adobe Flash Security Update v19.0.0.226
No updates yet for AIR or Shockwave



Adobe provided an emergency release of Flash v19.0.0.226 today, which patches the current zero-day exploit going on in-the-wild. You can read the Adobe Security Bulletin about it here:
Vulnerability Details 
These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648).
Whether you want to actually reinstall Flash is another matter.

CVE-2015-7645 was the security vulnerability being actively exploited on the Internet.

NOTE: Adobe AIR and Shockwave have NOT yet been updated with this patched version of Flash! Therefore, Do No Use AIR or SHOCKWAVE at this time.

As usual: Keep in mind that Adobe AIR and Shockwave both integrate Flash and remain vulnerable to its security exploits until they too are updated. In the case of Shockwave, Adobe has been outrageously lax in keeping it up-to-date. I highly recommend trashing Shockwave permanently and doubt you're going to miss it.

~ ~ ~ ~ ~

Here's something ScARy for Halloween!
Check this out.
It's from 2009.
But may be just as true today.

Happy PWNing!


No comments:

Post a Comment