Security Alert (A15-06-05): Vulnerability in Adobe Flash Player

Description:

Security updates are released for Adobe Flash Player to address a vulnerability caused by heap buffer overflow. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted web page, Flash file, or document that supports embedded Flash content.

Affected Systems:

• Adobe Flash Player 18.0.0.161 and earlier versions
• Adobe Flash Player 13.0.0.292 and earlier 13.x versions
• Adobe Flash Player 11.2.202.466 and earlier 11.x versions

Impact:

A successful attack could lead to arbitrary code execution.

Recommendation:

Upgrade Adobe Flash Player to the following versions to address the issue. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs;

• Adobe Flash Player 18.0.0.194
  http://www.adobe.com/go/getflash
  http://www.adobe.com/products/players/flash-player-distribution.html
  
  
• Adobe Flash Player 13.0.0.296
  http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
  
  
• Adobe Flash Player 11.2.202.468
  http://www.adobe.com/go/getflash
  
  
• Adobe Flash Player 18.0.0.194 for Google Chrome
  http://googlechromereleases.blogspot.com/
  
  
• Adobe Flash Player 18.0.0.194 for Internet Explorer 10 & 11
  https://support.microsoft.com/kb/3074219
  
  

If you have multiple browsers, you are required to perform the Adobe Flash Player upgrade for each browser, the Flash Player version can be checked at http://www.adobe.com/software/flash/about/

More Information:

https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
https://www.hkcert.org/my_url/en/alert/15062401
https://www.us-cert.gov/ncas/current-activity/2015/06/23/Adobe-Releases-Security-Updates-Flash-Player
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3113