
Adobe Flash and Air vulnerabilities patched on October 14 are already in exploit kits

Critical severity

Affects:
Adobe Flash Player 15.0.0.167 and earlier versions
Adobe Flash Player 13.0.0.244 and earlier 13.x versions
Adobe Flash Player 11.2.202.406 and earlier versions for Linux
Adobe AIR desktop runtime 15.0.0.249 and earlier versions
Adobe AIR SDK 15.0.0.249 and earlier versions
Adobe AIR SDK & Compiler 15.0.0.249 and earlier versions
Adobe AIR 15.0.0.252 and earlier versions for Android

Adobe Flash and Adobe Air vulnerabilities, patched and released with Adobe security bulletin APSB14-22, have already been found in the arsenal of Fiesta Exploit Kit and Angler Exploit Kit.

Reported in advisory CVE-2014-0497, the vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code. The attacker could exploit these vulnerabilities by persuading a user to visit a malicious web page that contains crafted Flash content. If successful, the attacker could execute arbitrary code in the security context of the affected application. If the application is running with elevated privileges, this could result in a complete system compromise.

  

RECOMMENDATION

The security hole has already been patched with the release of security bulletin APSB14-22.


Here are the instructions from the bulletin for each affected product:

- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.189 by visiting the Adobe Flash Player Download Center, or via the update mechanism within the product when prompted.

- Users of the Adobe Flash Player Extended Support Release should update to version 13.0.0.250 by visiting http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html.

- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.411 by visiting the Adobe Flash Player Download Center.

- Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 15.0.0.189.

- Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 15.0.0.189.

- Users of the Adobe AIR desktop runtime should update to version 15.0.0.293 by visiting the Adobe AIR Download Center.

- Users of the Adobe AIR SDK should update to version 15.0.0.302 by visiting the Adobe AIR Download Center.

- Users of the Adobe AIR SDK & Compiler should update to version 15.0.0.302 by visiting the Adobe AIR Download Center.

- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.293 by downloading the new version from the Google Play store.
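
To find which machines still need these updates, the affected and fixed versions listed above can be checked against a software inventory. The script below is an added example, not part of the bulletin; the product keys, host names and inventory rows are constructed, and it assumes four-part dotted version strings.

```python
# Added example: thresholds are copied from this advisory; product keys and
# inventory rows are constructed for illustration.
def parse(version):
    """'15.0.0.167' -> (15, 0, 0, 167), so comparisons are numeric."""
    return tuple(int(part) for part in version.strip().split("."))

# product key -> (last affected version, first fixed version)
THRESHOLDS = {
    "flash-desktop": ("15.0.0.167", "15.0.0.189"),
    "flash-esr-13": ("13.0.0.244", "13.0.0.250"),
    "flash-linux": ("11.2.202.406", "11.2.202.411"),
    "air-desktop": ("15.0.0.249", "15.0.0.293"),
    "air-sdk": ("15.0.0.249", "15.0.0.302"),
    "air-sdk-compiler": ("15.0.0.249", "15.0.0.302"),
    "air-android": ("15.0.0.252", "15.0.0.293"),
}

def classify(product, version):
    """Return 'affected', 'patched' or 'review' for one installed version."""
    v = parse(version)
    # Desktop Flash 13.x is the Extended Support Release with its own fix
    # line; comparing it against the 15.x threshold would misreport it.
    if product == "flash-desktop" and v[0] == 13:
        product = "flash-esr-13"
    last_affected, fixed = (parse(x) for x in THRESHOLDS[product])
    if v <= last_affected:
        return "affected"
    if v >= fixed:
        return "patched"
    return "review"  # build between the two versions the advisory names

def triage(rows):
    """rows: (host, product, version) tuples; returns those not patched."""
    return [(h, p, ver, s) for h, p, ver in rows
            if (s := classify(p, ver)) != "patched"]

# Constructed inventory rows.
INVENTORY = [
    ("ws-01", "flash-desktop", "15.0.0.167"),
    ("ws-02", "flash-desktop", "13.0.0.250"),  # ESR at the fixed build
    ("ws-03", "flash-desktop", "13.0.0.244"),
    ("lx-01", "flash-linux", "11.2.202.411"),
    ("lx-02", "flash-linux", "11.2.202.99"),   # 99 < 406 numerically
    ("dev-01", "air-sdk", "15.0.0.293"),       # runtime fix build, SDK needs .302
]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(*row)
```

A plain string comparison would get `11.2.202.99` wrong, and a single "15.0.0.167 or earlier" rule would flag an already-updated 13.x Extended Support Release install.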