Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Adobe addresses new 'actively exploited' critical vulnerability in Flash, users urged to update

Yet another severe flaw in Adobe's much-maligned Flash Player has been discovered and is being "actively exploited," the company said on Tuesday, and users with Flash installed are being urged to upgrade to the latest version as soon as possible.

The flaw —  assigned CVE ID 2015-3113 — affects Flash Player version 18.0.0.161 and earlier as well as Flash Player Extended Support Release version 13.0.0.292 and earlier on both Windows and Mac. In a security advisory, Adobe said it is aware of "limited, targeted attacks" exploiting this flaw, though known attacks are limited to Windows systems for now.

According to the National Vulnerability Database, CVE-2015-3113 is a "heap-based buffer overflow" which "allows remote attackers to execute arbitrary code via unspecified vectors."

Mac users with Flash installed separately should update to version 18.0.0.194. Those who have Flash Player's automatic update capability enabled —  or those who use Chrome, which ships its own version of Flash —  should have already received the patch.

Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu. Instructions for enabling automatic updates or manually updating Flash can be found here.



54 Comments

MacPro 18 Years · 19845 comments

[quote name="sog35" url="/t/186905/adobe-addresses-new-actively-exploited-critical-vulnerability-in-flash-users-urged-to-update#post_2739392"]I freakin hate Flash. Every month there is a new explotable error. [/quote] I only have it on my MBP, I keep it off Macs I work on, but it seems to require an update twice a week these days. It is pathetic that some major web sites still have no alternative to Flash for much of their content. The BBC, one of my favorite sites is a prime example of this Luddite attitude. I suspect that is the exact right phrase too!

🍪
andreid 13 Years · 96 comments

Oh no!!!! How many times did we read titles like this?! Too many i'm afraid...and people still don't get it. Flash sucks and must die. http://occupyflash.org

gregquinn 13 Years · 77 comments

Quote:
Originally Posted by AndreiD 

How many times did we read titles like this?!

Every time is a black eye for Adobe. At some point (soon) they should retire the product.

🎅
suddenly newton 14 Years · 13819 comments

Just die already, Flash. You prolong the inevitable, Adobe.

🎁
super_mac_boy 19 Years · 26 comments

Terrible software that has over the years been shoehorned into a virus laden monstrosity. Adobe needs to kill this lame technology, ASAP.