Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities


So as a rule, in 2015 running Adobe Flash is already pretty scary – but the latest patch release covers 78 CVE-classified Flash security vulnerabilities.

That’s not scary, that’s terrifying.

Latest Update Patches 78 CVE-classified Flash Security Vulnerabilities

By now you kinda expect flaws in Flash, it’s just a given. But 78 CVE-classified vulnerabilities in one patch release? That’s just insane, that’s worse than the worst Windows release.

Adobe has released another update to address dozens of flaws in its Flash Player browser plug-in.

The December update fixes 78 CVE-classified security vulnerabilities in Flash Player for OS X, Windows, Linux, and Android. The patch includes 75 separate vulnerabilities that could be exploited by an attacker to remotely execute code on a vulnerable system.

In addition to the 75 remote code execution flaws, the update addresses three CVE-listed vulnerabilities that could allow for security bypasses. Adobe said it has not yet received any reports of the flaws being targeted in the wild.

Adobe is advising users running OS X and Windows to update their copy of Flash Player to version 20 or later, while Chrome, IE 11, and Microsoft Edge users will receive their updates through the browser. Adobe classifies the fix as a top priority for all Windows, OS X, and Linux browser versions.


So yah if you or your organisation is running Flash, don’t – just please stop. You don’t even have to visit dodgy sites any more, visit a legitimate site with a compromised ad banner and boom – you’re owned.

For example the Dailymotion malvertising attack that took place just a few days ago.

Users running Adobe AIR and AIR SDK for Windows, OS X, Android, or iOS are also advised to update their software to address the vulnerabilities.

Many will point to this latest update as yet another reason for developers, users, and site operators to minimize or outright eliminate the use of Flash. With more-secure platforms such as HTML5 gaining adoption, alternatives to the bug-riddled Flash are only growing more attractive.

Researchers have found that even when the browser-facing components of Flash are disabled, code can be injected into other documents that launches and then exploits vulnerabilities, leaving an outright removal the only option.

Even Adobe is nudging customers away from Flash, renaming its most-recent version of Flash Tools “Animator” and encouraging a move over to HTML5.

HTML5 can do everything that Flash was designed to do, I think people just want to commit the development time into replacing this obsolete technology. Adverts are still flash, non-youtube videos on the majority of the web are still Flash, interactive site elements are still Flash, some shitty website are still entirely built in Flash.

I turned off Flash long ago, but it still saddens me that today, at the end of 2015 – that still breaks parts of the Internet for me.

Please, give the World a great Xmas present and just KILL FLASH.

Source: The Register

Posted in: Exploits/Vulnerabilities

, , , , ,


Latest Posts:


Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.


Comments are closed.