Yet another severe flaw in Adobe's much-maligned Flash Player has been discovered and is being "actively exploited," the company said on Tuesday, and users with Flash installed are being urged to upgrade to the latest version as soon as possible.
The flaw — assigned CVE ID 2015-3113 — affects Flash Player version 18.0.0.161 and earlier as well as Flash Player Extended Support Release version 13.0.0.292 and earlier on both Windows and Mac. In a security advisory, Adobe said it is aware of "limited, targeted attacks" exploiting this flaw, though known attacks are limited to Windows systems for now.
According to the National Vulnerability Database, CVE-2015-3113 is a "heap-based buffer overflow" which "allows remote attackers to execute arbitrary code via unspecified vectors."
Mac users with Flash installed separately should update to version 18.0.0.194. Those who have Flash Player's automatic update capability enabled — or those who use Chrome, which ships its own version of Flash — should have already received the patch.
Users can check the version of Flash installed on their system by visiting Adobe's About Flash Player page or right-clicking on Flash content in their browser and choosing "About Adobe (or Macromedia) Flash Player" from the contextual menu. Instructions for enabling automatic updates or manually updating Flash can be found here.
54 Comments
sog35 wrote: "I freakin hate Flash. Every month there is a new exploitable error."
I only have it on my MBP, I keep it off Macs I work on, but it seems to require an update twice a week these days. It is pathetic that some major web sites still have no alternative to Flash for much of their content. The BBC, one of my favorite sites, is a prime example of this Luddite attitude. I suspect that is the exact right phrase too!
Oh no!!!! How many times did we read titles like this?! Too many I'm afraid... and people still don't get it. Flash sucks and must die. http://occupyflash.org
How many times did we read titles like this?!
Every time is a black eye for Adobe. At some point (soon) they should retire the product.
Just die already, Flash. You prolong the inevitable, Adobe.
Terrible software that has over the years been shoehorned into a virus-laden monstrosity. Adobe needs to kill this lame technology, ASAP.