Adobe has just released an update to address a vulnerability found in its Flash Player browser plug-in. In its security advisory (APSB15-14), Adobe notes that this vulnerability “is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.”
The critical flaw (CVE-2015-3113) could potentially allow an attacker to take control of the affected system. The affected software versions are the following:
- Adobe Flash Player 18.104.22.168 and earlier versions for Windows and Mac
- Adobe Flash Player Extended Support Release version 22.214.171.1242 and earlier 13.x versions for Windows and Macintosh
- Adobe Flash Player 126.96.36.1996 and earlier 11.x versions for Linux
Adobe has stated that the latest version of Flash Player Desktop Runtime for Windows and Mac (v. 188.8.131.52) will address this issue. Users who may be unsure of the version of their Flash software may use this link to check.
Adobe Flash Player on Google Chrome and Internet Explorer on Windows 8.1 and later should automatically update to the latest version. Updates, including those for Windows XP, are also available in the Adobe Flash Player Download Center. We would also recommend that users opt for automatic updates whenever possible so that their applications are updated as soon as possible.
We will update this entry should any additional information be made available.
Update as of June 24, 2015, 8:12 A.M. (PDT):
Trend Micro Deep Security and Vulnerability Protection protect user systems from threats that may leverage this vulnerability with the following DPI rule:
- 1006810 – Adobe Flash Player Heap Buffer Overflow Vulnerability (CVE-2015-3113)
More information can also be found in our entry, New Adobe Zero-Day Shares Same Root as Older Flaws.
Update as of June 26, 2015, 3:10 P.M. PDT (UTC-7):
Trend Micro solutions are available to help protect users against threats that may leverage this vulnerability. Endpoint products detect malware that attempt to exploit this vulnerability as SWF_EXPLOYT.S. The existing Sandbox with Script Analyzer engine, which is part of Trend Micro™ Deep Discovery, can be used to detect this threat by its behavior without any engine or pattern updates.
Below are the SHA1 hashes related to this threat: