Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

Use Netsparker


So as a rule, in 2015 running Adobe Flash is already pretty scary – but the latest patch release covers 78 CVE-classified Flash security vulnerabilities.

That’s not scary, that’s terrifying.

Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

By now you kinda expect flaws in Flash, it’s just a given. But 78 CVE-classified vulnerabilities in one patch release? That’s just insane, that’s worse than the worst Windows release.

Adobe has released another update to address dozens of flaws in its Flash Player browser plug-in.

The December update fixes 78 CVE-classified security vulnerabilities in Flash Player for OS X, Windows, Linux, and Android. The patch includes 75 separate vulnerabilities that could be exploited by an attacker to remotely execute code on a vulnerable system.

In addition to the 75 remote code execution flaws, the update addresses three CVE-listed vulnerabilities that could allow for security bypasses. Adobe said it has not yet received any reports of the flaws being targeted in the wild.

Adobe is advising users running OS X and Windows to update their copy of Flash Player to version 20 or later, while Chrome, IE 11, and Microsoft Edge users will receive their updates through the browser. Adobe classifies the fix as a top priority for all Windows, OS X, and Linux browser versions.


So yah if you or your organisation is running Flash, don’t – just please stop. You don’t even have to visit dodgy sites any more, visit a legitimate site with a compromised ad banner and boom – you’re owned.

For example the Dailymotion malvertising attack that took place just a few days ago.

Users running Adobe AIR and AIR SDK for Windows, OS X, Android, or iOS are also advised to update their software to address the vulnerabilities.

Many will point to this latest update as yet another reason for developers, users, and site operators to minimize or outright eliminate the use of Flash. With more-secure platforms such as HTML5 gaining adoption, alternatives to the bug-riddled Flash are only growing more attractive.

Researchers have found that even when the browser-facing components of Flash are disabled, code can be injected into other documents that launches and then exploits vulnerabilities, leaving an outright removal the only option.

Even Adobe is nudging customers away from Flash, renaming its most-recent version of Flash Tools “Animator” and encouraging a move over to HTML5.

HTML5 can do everything that Flash was designed to do, I think people just want to commit the development time into replacing this obsolete technology. Adverts are still flash, non-youtube videos on the majority of the web are still Flash, interactive site elements are still Flash, some shitty website are still entirely built in Flash.

I turned off Flash long ago, but it still saddens me that today, at the end of 2015 – that still breaks parts of the Internet for me.

Please, give the World a great Xmas present and just KILL FLASH.

Source: The Register

Posted in: Exploits/Vulnerabilities

, , , , ,


Latest Posts:


NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
Metta - Information Security Adversarial Simulation Tool Metta – Information Security Adversarial Simulation Tool
Metta is an information security preparedness tool in Python to help with adversarial simulation and assess security defense preparation and alerts.
Powershell-RAT - Gmail Exfiltration RAT Powershell-RAT – Gmail Exfiltration RAT
Powershell-RAT is a Python-based Gmail exfiltration RAT that can be used a Windows backdoor to send screenshots or other data as an e-mail attachment.
SCADA Hacking - Industrial Systems Woefully Insecure SCADA Hacking – Industrial Systems Woefully Insecure
It seems like SCADA hacking is still a topic in hacker conferences, and it should be with SCADA systems still driving power stations, manufacturing plants etc.
airgeddon - Wireless Security Auditing Script airgeddon – Wireless Security Auditing Script
Airgeddon is a Bash powered multi-use Wireless Security Auditing Script for Linux systems with an extremely extensive feature list.
Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.


Comments are closed.