Adobe Flash Player 16.0.0.305 Feb 5th 2015


Userlevel 7
Badge +52


 
Download for Firefox, Safari, Opera: Adobe Flash Player 16.0.0.287 
Download for Internet Explorer: Adobe Flash Player 16.0.0.287 
Download: Adobe Flash Player Uninstaller 16.0.0.287 
View: Adobe Flash Player Website | Release Notes
 
Click here to check your version and Here to Download and here is an Alternate Download make sure you uncheck any unwanted add-ons and download both the one for IE and the other for other Browsers such as Firefox, Safari, Opera plugins!

12 replies

Userlevel 7
Badge +54
by Dennis Fisher January 22, 2015
 
Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit.
 
The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks.
 
“Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a vulnerability that could be used to circumvent memory randomization mitigations on the Windows platform,” Adobe said in its advisory.
 
Full Article
Userlevel 7
Badge +56
CVE-2014-9162/CVE-2014-09163 (Flash 15.0.0.242 and below) integrating Exploit Kits
 
http://3.bp.blogspot.com/-z5LF4vOzbSs/VLor2iCtS0I/AAAAAAAAEOk/a6Pcx0vZ4A0/s1600/2015-01-16_15h13_33.png


[[ERRATUM - 2015-01-22]]
I couldn't write about it earlier but this is not CVE-2014-9162/9163.
It's CVE-2015-0310 which was an unpatched bug in Flash Player but as coder were not aware it seems (not fired to Flash > 15.0.0.242) this post was leaved untouched.
The CVE has been fixed the 2015-01-22 with Flash 16.0.0.287
http://helpx.adobe.com/security/products/flash-player/apsb15-02.html
[[erratum]]

CVE-2014-9162 and CVE-2014-9163 were patched on 2014-12-09. They are affecting Flash Player 15.0.0.242 and below.

Angler EK :
2015-01-15 <- It seems.
Angler EK was really rare those days (since december). I saw many delivery path migrating to Nuclear, Neutrino or Sweet Orange. The Flash exploit did not rotate between 2014-12-24 and yesterday (when it's usually rotating every 3-4 days). It seems they are now back from vacation with a new exploit which have been identified as a combination of CVE-2014-9162 and CVE-214-9163 by [REDACTED - mistake happen]
 
Sourse: Malware don't need Coffee
 
Daniel ;)
 
 
Userlevel 7
Badge +52
Adobe Flash Player 16.0.0.296
 
New and Updated Features in Adobe Flash Player 16.0:
 
Download Adobe Flash Player 16.0.0.296 (for Internet Explorer) 32/64-bit
Download Adobe Flash Player 16.0.0.296 (for all other browsers) 32/64-bit
Download Adobe Flash Player 16.0 for all OS

View: Adobe Flash Player Website | Release Notes
 
Click here to check your version and Here to Download and here is an Alternate Download make sure you uncheck any unwanted add-ons and download both the one for IE and the other for other Browsers such as Firefox, Safari, Opera plugins!
Userlevel 7
Badge +56
Here we go again Thanks Petr!
 
Daniel 😉
Userlevel 7
Badge +54
By Ionut Ilascu    27 Jan 2015 No evidence of the second glitch being exploited in the wild
 
On Tuesday, Adobe published the full security advisory for version 16.0.0.296 of Flash Player, noting that the revision includes a fix for a second vulnerability, that was not reported to be seen exploited in the wild.
 
One of the security flaws repaired is the infamous CVE-2015-0311 reported by French security researcher Kafeine, which was foisted by Angler expoit kit to infect user computers with Bedep, a malware piece performing ad-fraud. Full Article
Userlevel 7
Badge +52
Microsoft security advisory: Update for vulnerabilities in Adobe Flash Player in Internet Explorer: January 27, 2015
http://support.microsoft.com/kb/3035034/en-us
Userlevel 7
Badge +54
by Dennis Fisher     February 2, 2015

For the third time in the last couple of weeks, Adobe is dealing with a zero day vulnerability in Flash. The company is working on a patch for another Flash bug that is being exploited in drive-by download attacks.

Adobe officials released an advisory Monday warning users that attackers are exploiting a new vulnerability in Flash and said that they’re planning to release a patch for the flaw sometime this week. The vulnerability affects Flash on Windows, OS X and Linux.

“A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below,” the Adobe advisory says.
 
Full Article
Userlevel 7
Badge +52
Adobe Security Bulletin
Security Advisory for Adobe Flash Player
Release date: February 2, 2015
Vulnerability identifier: APSA15-02
CVE number: CVE-2015-0313
Platform: All Platforms
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
Userlevel 7
Badge +56
Here we go again! :@
 
Daniel
Userlevel 7
Badge +54
by Michael Mimoso    February 4, 2015

Adobe announced today that it will begin distributing a patch for the third and most recent zero-day vulnerability in Flash Player.

Version 16.0.0.305 will be distributed to users who have enabled auto-update. Adobe said it expects to have a manual update available tomorrow.

“We are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11,” Adobe said in its advisory.

The new version addresses a use after free vulnerability, CVE-2015-0313, that is currently under attack. Exploits were folded into the Hanjuan Exploit Kit, according to researchers at Trustwave’s SpiderLab.
 
Full Article
Userlevel 7
Badge +52
Updated Flash Player 17 and AIR 17 betas, code named Octavia, are now available on Adobe Labs. This beta release includes new features as well as enhancements and bug fixes related to security, stability, performance, and device compatibility for Flash Player 17 and AIR 17.
 
Learn more about Adobe AIR 17 beta
Download Adobe AIR 17 beta
Learn more about Flash Player 17
Download Flash Player 17 beta
 
As always, we appreciate all feedback. We encourage you to post in our beta forums or create bug reports or feature requests on our public bug database.
Flash Player Beta forum
AIR Beta forum
Bug database
Userlevel 7
Badge +52
Adobe Flash Player 16.0.0.305
 
Download Adobe Flash Player 16.0.0.305 (for Internet Explorer) 32/64-bit
Download Adobe Flash Player 16.0.0.305 (for all other browsers) 32/64-bit
 
View: Adobe Flash Player Website | Release Notes
 
Click here to check your version and Here to Download and here is an Alternate Download make sure you uncheck any unwanted add-ons and download both the one for IE and the other for other Browsers such as Firefox, Safari, Opera plugins!

Reply