Endpoint Protection

 View Only

Adobe releases monthly updates early to patch Flash zero-day vulnerability 

Dec 28, 2015 02:32 PM

adobe flash zero day.jpg

Adobe released its monthly security updates for January today, much earlier than its usual schedule of the middle of each month. The vendor accelerated the release of the patches because a zero-day vulnerability in Flash Player (CVE-2015-8651) was reportedly exploited in limited targeted attacks.

This zero-day vulnerability affects the following Flash Player versions in Windows, Mac OS X, Linux, and ChromeOS:

  • Adobe Flash Player Desktop Runtime versions and earlier for Windows and Mac
  • Adobe Flash Player Extended Support Release versions and earlier for Windows and Mac
  • Adobe Flash Player for Google Chrome versions and earlier for Windows, Mac, Linux, and ChromeOS
  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions and earlier for Windows 10
  • Adobe Flash Player for Internet Explorer 10 and 11 versions and earlier for Windows 8.0 and 8.1
  • Adobe Flash Player for Linux versions and earlier for Linux

An attacker could exploit the vulnerability to remotely execute arbitrary code on an affected computer.

We recommend applying the Adobe patches to mitigate exploit attempts. Users can obtain updates directly from the Adobe Flash Player Download Center or by accepting the update prompt through their installed product. Users can fix Flash Player embedded in Chrome and Internet Explorer by updating their chosen browser.

Symantec offers the following detections in order to protect users from exploits that attempt to take advantage of CVE-2015-8651:



0 Favorited
0 Files

Tags and Keywords

Related Entries and Links

No Related Resource entered.