Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

Outsmart Malicious Hackers


So as a rule, in 2015 running Adobe Flash is already pretty scary – but the latest patch release covers 78 CVE-classified Flash security vulnerabilities.

That’s not scary, that’s terrifying.

Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

By now you kinda expect flaws in Flash, it’s just a given. But 78 CVE-classified vulnerabilities in one patch release? That’s just insane, that’s worse than the worst Windows release.

Adobe has released another update to address dozens of flaws in its Flash Player browser plug-in.

The December update fixes 78 CVE-classified security vulnerabilities in Flash Player for OS X, Windows, Linux, and Android. The patch includes 75 separate vulnerabilities that could be exploited by an attacker to remotely execute code on a vulnerable system.

In addition to the 75 remote code execution flaws, the update addresses three CVE-listed vulnerabilities that could allow for security bypasses. Adobe said it has not yet received any reports of the flaws being targeted in the wild.

Adobe is advising users running OS X and Windows to update their copy of Flash Player to version 20 or later, while Chrome, IE 11, and Microsoft Edge users will receive their updates through the browser. Adobe classifies the fix as a top priority for all Windows, OS X, and Linux browser versions.


So yah if you or your organisation is running Flash, don’t – just please stop. You don’t even have to visit dodgy sites any more, visit a legitimate site with a compromised ad banner and boom – you’re owned.

For example the Dailymotion malvertising attack that took place just a few days ago.

Users running Adobe AIR and AIR SDK for Windows, OS X, Android, or iOS are also advised to update their software to address the vulnerabilities.

Many will point to this latest update as yet another reason for developers, users, and site operators to minimize or outright eliminate the use of Flash. With more-secure platforms such as HTML5 gaining adoption, alternatives to the bug-riddled Flash are only growing more attractive.

Researchers have found that even when the browser-facing components of Flash are disabled, code can be injected into other documents that launches and then exploits vulnerabilities, leaving an outright removal the only option.

Even Adobe is nudging customers away from Flash, renaming its most-recent version of Flash Tools “Animator” and encouraging a move over to HTML5.

HTML5 can do everything that Flash was designed to do, I think people just want to commit the development time into replacing this obsolete technology. Adverts are still flash, non-youtube videos on the majority of the web are still Flash, interactive site elements are still Flash, some shitty website are still entirely built in Flash.

I turned off Flash long ago, but it still saddens me that today, at the end of 2015 – that still breaks parts of the Internet for me.

Please, give the World a great Xmas present and just KILL FLASH.

Source: The Register

Posted in: Exploits/Vulnerabilities

, , , , ,


Latest Posts:


What You Need To Know About KRACK WPA2 Wi-Fi Attack What You Need To Know About KRACK WPA2 Wi-Fi Attack
The Internet has been blowing up in the past week about the KRACK WPA2 attack that is extremely widespread and is a flaw in the Wi-Fi standard itself.
Spaghetti Download - Web Application Security Scanner Spaghetti Download – Web Application Security Scanner
Spaghetti is an Open-source Web Application Security Scanner, it is designed to find various default and insecure files, configurations etc.
Taringa Hack - 27 Million User Records Leaked Taringa Hack – 27 Million User Records Leaked
The Taringa hack is actually one of the biggest leaks of the year with 27 million weakly hashed passwords breached, but it's not often covered in the West.
A2SV - Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed A2SV – Auto Scanning SSL Vulnerability Tool For Poodle & Heartbleed
A2SV is a Python-based SSL Vulnerability focused tool that allows for auto-scanning and detection of the common and well-known SSL Vulnerabilities.
VHostScan - Virtual Host Scanner With Alias & Catch-All Detection VHostScan – Virtual Host Scanner With Alias & Catch-All Detection
VHostScan is a Python-based virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.
Equifax Hack Blamed On Single Employee Equifax Hack Blamed On Single Employee
We wrote about the Equifax Hack, Data Breach and Leak last month, which happened due to a flaw in Apache Struts that for some reason hadn't been patched.


Comments are closed.