Adobe has published a Security Bulletin for the Adobe Flash Player Remote Code Execution Vulnerability (CVE-2015-3113). The new Security Bulletin, APSB15-14, identifies a heap buffer overflow vulnerability which affects various versions of Adobe Flash Player across multiple platforms. Exploitation of this critical vulnerability could allow an attacker to remotely execute arbitrary code. Adobe has acknowledged reports of this vulnerability being exploited in the wild in limited targeted attacks.
The following versions of Adobe Flash Player are vulnerable:
Symantec Security Response is continuing to monitor the situation for additional information related to this vulnerability and will provide further guidance once it is available.
We recommend applying the vendor-supplied patches to mitigate possible exploitation. Updates can be obtained directly from the Adobe Flash Player Download Center or by accepting the update prompt through the installed product. Versions of Flash Player embedded in Chrome and Internet Explorer can be updated to non-vulnerable versions by updating the respective browsers.
Update–June 30, 2015: Symantec has implemented the following detections to protect users from exploits that attempt to take advantage of this Adobe Flash Player vulnerability:
AV
IPS