Flash Player Security Advisory - 2015.7.7
FYI...
Flash Player Security Advisory
- https://helpx.adobe.com/security/pro...apsa15-03.html
July 7, 2015
CVE number: CVE-2015-5119
Platform: Windows, Macintosh and Linux
Summary: A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015.
Affected software versions:
- Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh
- Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux..."
___
Flash 0-day - Use-After-Free Vuln
- https://www.us-cert.gov/ncas/current...-Vulnerability
July 07, 2015
___
- http://arstechnica.com/security/2015...into-the-wild/
Jul 7, 2015 - "... Until a fix is installed, readers should consider -disabling- Flash, particularly when browsing websites they are unfamiliar with..."
Flash 0-Day Integrated Into Exploit Kits
- http://blog.trendmicro.com/trendlabs...-exploit-kits/
July 7, 2015 - "... one of the payloads being spread in this manner as CryptoWall 3.0, particularly by the Angler exploit kit..."
