Yesterday, Adobe issued a new security bulletin warning of a new vulnerability in Flash, this one affecting the latest version of the plugin. The vulnerability left Flash open to exploits through which hackers could gain access to a machine, or that could cause the computer to crash. As with some other recent Flash vulnerabilities, the issue affected Linux, Windows, and Mac users, spreading the risk all around.
Adobe moved swiftly to address the issue, and today it has issued a patch that fixes the vulnerability (identifier APSB15-27). The company said it “is aware of a report” that indicates the latest version has been used in a limited fashion by ne’erdowells against targets. The security updates concern CVE numbers CVE-2015-7645, CVE-2015-7647, and CVE-2015-7648, according to today’s bulletin.
A few different versions of Flash is affected: desktop runtime and Chrome Flash Player 184.108.40.206 and earlier for Mac and Windows were affected, as well as extended support release 220.127.116.11 and earlier for Mac and Windows, Flash for Microsoft Edge/Internet Explorer 11 on Windows 10, Flash for Internet Explorer 10 and 11 on Windows 8 and 8.1, and 18.104.22.1685 for Linux.
Flash has been repeatedly affected by security issues that leave users vulnerable, so much so that companies have taken steps against it by disabling it in their browsers, and in some cases outright calling for Flash to be retired. If you’re running any version of Flash, be sure to check whether it has any updates available, and install them if so.