Adobe Flash critical security update

[GomJabbar]

Content edited.

Flash Player update available to address security vulnerabilities

Summary

A potential vulnerability has been identified in Adobe Flash Player 10.0.12.36 and earlier that could allow an attacker who successfully exploits this potential vulnerability to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit this potential vulnerability. Additional vulnerabilities have been addressed in this update. Adobe recommends users update to the most current version of Flash Player available for their platform.

Affected software versions

Adobe Flash Player 10.0.12.36 and earlier (Adobe Flash Player 10.0.15.3 and earlier for Linux)

Solution

Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87 by downloading it from the Player Download Center, or by using the auto-update mechanism within the product when prompted.

For users who cannot update to Flash Player 10, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.159.0, which can be downloaded from the following link.

Severity rating

Adobe categorizes this as a critical update and recommends affected users upgrade to version 10.0.22.87.

http://www.adobe.com/support/security/b ... 09-01.html

[Puppy]

Disable your Flash Player now !
https://blog.malwarebytes.org/exploits- ... -the-wild/

There is new version 16.0.0.287 released today but according this report it does not fix the vulnerability above yet.

[Puppy]

Third serious Flash vulnerability within a week http://blog.trendmicro.com/trendlabs-se ... tisements/

[ajkula66]

I *hate* Flash with the heat of a newly minted dwarf star...

[GomJabbar]

Yep...

Security Advisory for Adobe Flash Player
Release date: February 2, 2015

Vulnerability identifier: APSA15-02

CVE number: CVE-2015-0313

Platform: All Platforms

Summary
A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below.

Adobe expects to release an update for Flash Player during the week of February 2. For more information on updating Flash Player please refer to this post.

Affected software versions
Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh
Adobe Flash Player 13.0.0.264 and earlier 13.x versions

https://helpx.adobe.com/security/produc ... 15-02.html

[RealBlackStuff]

They still have not made another version.
OTOH: who cares? I don't use/need it.