Adobe finds critical vulnerability in Flash Player and earlier, urges users to update ASAP

by Ashwin, December 29, 2015

Adobe Flash Player has once again been found to have some security holes, for the umpteenth time this year.

Earlier this year, the infamous yet most commonly used web content plugin was targeted by attackers, who exploited a critical vulnerability in it to breach the systems of a security firm and steal large chunks of data.

This was followed by an outcry from many users, including Alex Stamos, Facebook’s Chief Security Officer, who called for Adobe to end support for Flash, and by Mozilla, which temporarily banned the insecure plugin from its Firefox browser. Ironically, though, Mozilla has stated it would support Flash beyond 2016, despite announcing that it will end support for other NPAPI plugins by the end of next year.

Adobe has announced that it has found some critical vulnerabilities in its Flash Player, but did not provide more details on how they were reported.

The Security Bulletin from the company does mention that several security researchers from various groups and companies, including Google’s Project Zero, Qihoo 360, Huawei, HP and others, have reported several security vulnerabilities in Flash Player to Adobe.

Some of these could be the “critical issues” which Adobe is referring to. The announcement page states that the vulnerabilities have the potential to allow an attacker to gain control of the affected system.

Apparently, the company is also aware that one of these vulnerabilities (CVE-2015-8651) is being exploited by hackers and is “being used in limited, targeted attacks.”

Adobe Flash Player has been updated to address the issues in question.

To find out which version of Adobe Flash Player you have on your computer, visit the Flash plugin check page at the official website. It should tell you if your plugin is up to date, and if it finds an older version, it will throw an error message like the one you see in the above screenshot.

Impacted versions of Adobe Flash Player are:

  • Desktop Runtime version and earlier, Extended Release and earlier for Windows and Mac OS X.
  • Adobe Flash Player for Google Chrome and earlier for Windows, Mac OS X, Linux and ChromeOS.
  • Adobe Flash Player and earlier for Microsoft Edge, Internet Explorer 11, Internet Explorer 10.

Adobe is urging users to update their Flash Player to version as soon as possible, to prevent security issues.

We can expect Google Chrome to get an update fixing the issue in its built-in Flash plugin, called Pepper Flash. Similarly, Microsoft is expected to update the Flash plugins it ships with Internet Explorer and Microsoft Edge.

Additionally, Adobe AIR is affected by the same issue. You can find more info about it at the announcement page.