Flash plugin 0-day vulnerability in the wild

Martin Stransky stransky at redhat.com
Mon Jan 26 12:55:55 UTC 2015


On 01/26/2015 01:48 PM, drago01 wrote:
> On Mon, Jan 26, 2015 at 1:40 PM, Martin Stransky <stransky at redhat.com> wrote:
>> On 01/23/2015 10:51 AM, Martin Stransky wrote:
>>>
>>> Folks,
>>>
>>> There's a live 0-day Flash vulnerability which is not fixed yet [1][2].
>>> If you use the Flash plugin, I recommend that you enable the
>>> click-to-play mode for it.
>>>
>>> There's also a Fedora Firefox update with such a change [3].
>>>
>>> ma.
>>>
>>> [1] https://isc.sans.edu/diary/Flash+0-Day+Exploit+Used+by+Angler+Exploit+Kit/19213
>>> [2] http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
>>> [3] https://bugzilla.redhat.com/show_bug.cgi?id=1185241
>>
>>
>> This vulnerability has been given the name CVE-2015-0311 [1]. Thanks to
>> drago01 for pointing that out. Unfortunately it's still unfixed by Adobe and
>> the latest Flash for Linux/Firefox (11.2.202.438) is still vulnerable.
>
> The latest one is 11.2.202.440 ... which is supposed to have the fix.

Where did you get that? The official Adobe site [1] says the latest is
11.2.202.438 and the Flash download page [2] gives me the same. I see the
Ubuntu update with the .440 package, but what's that?

ma.

[1] http://www.adobe.com/software/flash/about/
[2] https://get.adobe.com/flashplayer/
