Adobe patches Flash against latest flaw – but how long until the next zero-day bug?

Graham Cluley

Good news for the many users of Flash out there – Adobe has issued a fixed version (16.0.0.305) which reportedly fixes a vulnerability that has been exploited by web adverts on sites such as DailyMotion.

The vulnerability, which exists in all supported platforms including Windows, Mac OS X and Linux, is known as CVE-2015-0313, and was being actively exploited by hackers who were installing malware on visiting computers running Internet Explorer and Firefox on Windows 8.1 and earlier.

According to an updated Adobe security advisory, automatic updates began rolling out yesterday:

Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.305 beginning on February 4. This version includes a fix for CVE-2015-0313. Adobe expects to have an update available for manual download on February 5, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11.


Sure enough, when I checked my Mac System Preferences I was able to determine that Flash had automagically updated itself without me having to do anything.


You can check which version of Flash you have installed on your computer here.

Earlier this week I explained how to enable click to play in your web browser to prevent Flash elements from automatically running when you visit a webpage which contains Flash content – and this continues to be a good idea to better protect yourself from future attacks.

The sad truth is that this is just the latest in a series of recently-discovered exploitable vulnerabilities in Flash. It’s not going to be the last. Chances are that there is another zero-day vulnerability in Adobe Flash just around the corner.

Protect yourself now by either removing Flash from your computers or (if, as is likely, you decide that’s unviable) enabling “Click to Play” to give your computers an additional layer of protection against Flash attacks.

Alternatively, keep your head in the sand and sing along with the following…

[vine url=https://vine.co/v/OFIhWeOY6LL width=600 height=600]


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “Adobe patches Flash against latest flaw – but how long until the next zero-day bug?”

  1. John

    Thanks for these updates. Your work is so helpful these days!

    After your last article, I decided to set all browsers into the click-and-play mode. After browsing for about a day, I must say that I am quite shocked by the number of sites that still rely on Flash, and do so heavily. Who ever heard about HTML5, errr… ?? That, in itself, makes me think: "if they can't or won't move their site to HTML5, what else should I not be trusting here?".

    So thank you for your input – and hell, I will certainly keep clicking, although sometimes it's a bit of a hassle.

  2. Chris Thomas

    Windows (XP and later) users can harden their web browser processes by using Malwarebytes Anti-Exploit which is free when web browsers alone are protected. Anti-Exploit Free protects browsers with the following executable filenames: –
    chrome.exe
    firefox.exe
    iexplore.exe
    opera.exe

    Anti-exploit protection covers plugins run by the above. This includes Adobe Flash.

    I have no connection with Malwarebytes, a highly reputable and respectable firm.

  3. Chris Thomas

    I have a hunch that Adobe Flash is lighter on computer resources than HTML5 alternatives. I find that YouTube plays far smoother when played on Opera 12 than on Firefox 35. Hmmmmm.
