"Stealth" Update for Flash from Adobe
[Update] Adobe now updated it's advisory and confirmed that version 16.0.0.296 fixes the o-day vulnerability (CVE-2015-0311). [2][3]
Adobe apparently just released Flash version 16.0.0.296. There is nothing on Adobe's website if this is a patch. As a matter of fact, Adobe still lists 16.0.0.287 as the most recent version [1]. You can download 16.0.0.296 if you manually check for updates using Flash.
This article will be updates as we learn more. I have NO IDEA if this new version fixes the current vulnerability, but given that this is a surprise weekend release, chances are that it was released in response to the vulnerability. Apply this update at your own risk.
Thanks to Christopher for noticing!
[1] http://www.adobe.com/software/flash/about/
[2] http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
[3] http://blogs.adobe.com/psirt/?p=1160
Application Security: Securing Web Apps, APIs, and Microservices | Online | US Eastern | Jan 27th - Feb 1st 2025 |
Comments
UPDATE (January 24): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post.
Anonymous
Jan 24th 2015
9 years ago
Anonymous
Jan 24th 2015
9 years ago
"...
UPDATE (January 24): users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player, please refer to this post. We will continue to provide updates on this issue via the Adobe PSIRT blog."
Anonymous
Jan 25th 2015
9 years ago
And somebody noticed that the new version showed 16,0,0,296 (commas instead of dots) when it installed for them. Might want to check that it wasn't pushed out too quickly.
Corporate GPO push will be waiting until sometime next week for the redistribution exe and msi installers to be upgraded.
Anonymous
Jan 25th 2015
9 years ago
"UPDATE (January 24): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post."
And:
"Revisions
January 24, 2015: Updated to include Flash Player version delivered via auto-update.
January 24, 2015: Updated to reflect reports that Windows 8.1 is also affected by CVE-2015-0311."
From: https://helpx.adobe.com/security/products/flash-player/apsa15-01.html
Anonymous
Jan 25th 2015
9 years ago
Anonymous
Jan 25th 2015
9 years ago
http://www.adobe.com/products/flashplayer/distribution3.html
Flash Player 16.0.0.296 (Win and Mac)
Anonymous
Jan 25th 2015
9 years ago
Anonymous
Jan 26th 2015
9 years ago
Anonymous
Feb 3rd 2015
9 years ago