IT'S PATCH WEEK again for Adobe Flash Player, and this time the update is designed to fix a critical security bug in the much-maligned browser's multimedia plug-in.
Flash Player has been updated to version 188.8.131.526 to solve the vulnerability previously identified in the APSA15-01 Security Bulletin. The bulletin now contains information about the new version.
Flash Player 184.108.40.2066 was released with auto-update enabled on 24 January, two days earlier than the expected distribution date.
The standalone release was released on 26 January, as Adobe anticipated in the original bulletin, and users or sysadmins can download the full exe/msi installer straight from the official site.
Flash Player 220.127.116.116 is now available for Internet Explorer and the plug-in based browsers on Windows and Mac systems.
A new version (18.104.22.1680) is available for Linux operating systems and Oracle Solaris on the same page that provides the Windows/Mac versions.
Adobe is also said to be working with the company's "distribution partners" to make the update available for those browsers that embed the Flash plug-in, namely Internet Explorer 10 and 11 and Google Chrome.
Flash Player 22.214.171.1246 is meant to end the exploitation of a zero-day vulnerability classified as CVE-2015-0311, for which a working exploit was already circulating in the wild.
Successful attacks via drive-by downloads were confirmed against machines running Internet Explorer and Firefox on Windows 8.1 and below.
The bug "could cause a crash and potentially allow an attacker to take control of the affected system", Adobe warned in the original security bulletin.
Installing the updated version of the Flash Player plug-in is recommended.
The new Flash Player release contains no new features apart from fixing the CVE-2015-0311 bug. µ
Being in a minority of one doesn't make you right
WeWork needs a rework
Because who wants any surprises
Viv-oh no they didn't