Initially, the new version was not available from the main Flash download page, although computers with Flash’s automatic update feature enabled did download and install it. As of January 27, the new version is available on the Flash download page.
Anyone using a web browser with Flash enabled should install the new version as soon as possible.
On Thursday, Adobe announced an update that addresses a recently-discovered vulnerability in Flash. According to Adobe, the vulnerability addressed by Flash 16.0.0.287 is CVE-2015-0310.
Anyone using a web browser with Flash enabled should install the new Flash as soon as possible.
Apparently there is at least one additional vulnerability in Flash that affects even the most current version (16.0.0.287) and is currently being exploited in the wild. This zero-day vulnerability is identified as CVE-2015-0311. According to Adobe, they are working on a patch, which should be available in the next few days.
SANS has a useful summary of the recent updates and vulnerabilities related to Flash.
The latest version of Google’s web browser includes fixes for a whopping 62 security issues. Chrome should update itself to version 40.0.2214.91 automatically.
Users are being encouraged to upgrade from Java 7 to Java 8. The download page now offers Java 8 instead of Java 7. Computers configured for Java auto-updates will be automatically upgraded from 7 to 8. And according to Oracle, Java 7 will see its final updates in April 2015.
The latest version of Firefox fixes several security issues and other bugs. Firefox 35 also includes improvements to the new search interface and the built-in ‘Hello’ chat feature.
Anyone who uses Firefox should install the new version as soon as possible.
The latest version of Google’s web browser includes the latest version of Flash (16.0.0.257) as well as some other bug fixes. Anyone using an older version of Chrome should update to version 39.0.2171.99 as soon as possible.
As usual, Google Chrome will update its embedded Flash automatically, and updates for the embedded Flash in Internet Explorer on Windows 8.x will be available via Windows Update.
Anyone using a web browser with Flash enabled should install the new Flash as soon as possible.
Update 2015Jan13: One of the updates in this batch is the source of some ill-will between Microsoft and Google. Google reported a Windows 8.1 vulnerability to Microsoft on October 13, and in keeping with its disclosure policies, made the vulnerability public 90 days later. By the time Microsoft got around to developing a fix, it was too late to make the patch available before the 90 day delay would end. Microsoft apparently asked Google to wait for the patch to be released on January 13, but Google stuck to its policy. Now Microsoft has publicly expressed its displeasure with Google. Information Week has additional details.
One of the updates from last week’s Patch Tuesday apparently caused problems for numerous Windows 7 and Windows Server 2008 users.
The update, KB3004394, was issued to increase the frequency of root certificate updates from weekly to daily, thereby improving overall system security.
Unfortunately, once the update was installed on affected computers, some software and driver installation programs no longer worked as expected.
Microsoft initially recommended uninstalling the problematic update, but has now released another update (KB3024777) that fixes the problem.
As expected, Google just announced a new version of Chrome with the latest embedded Flash. Version 39.0.2171.95 also includes fixes for a few minor issues. Aside from the Flash update, none of the changes appear to be related to security.
Rants and musings on topics of interest. Sometimes about Windows, Linux, security and cool software.
Close
Ad-blocker not detected
Consider installing a browser extension that blocks ads and other malicious scripts in your browser to protect your privacy and security. Learn more.
boot13