Adobe releases out-of-band security update

Dec 28, 2015 23:40 GMT

Adobe has just released new Flash Player versions 20.0.0.267 and 18.0.0.324 to fix a critical security issue used in the wild by attackers. Additionally, version 11.2.202.559 has been released for Linux users.

Usually, Adobe releases security patches for its much-maligned product on the Tuesday of the second week of each month. This time, Adobe has broken from its regular schedule and released an urgent fix to address a critical issue reported by Huawei, used in limited, targeted attacks.

The issue, CVE-2015-8651, is an integer overflow vulnerability that could lead to remote code execution on the user's PC, allowing attackers to compromise and take control of the machine.

There are no details about the attacks. They could have been uncovered by Huawei's security staff during their research, or discovered after being used against the company itself.

Other security issues have also been fixed, such as a type confusion vulnerability (CVE-2015-8644), four memory corruption vulnerabilities (CVE-2015-8459, CVE-2015-8460, CVE-2015-8636, CVE-2015-8645), and thirteen use-after-free vulnerabilities (CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, CVE-2015-8650). All allowed attackers to execute code on the user's machine.

Besides the new Flash Player versions for Mac, Windows, IE, Edge, Chrome, ChromeOS (20.0.0.267, 18.0.0.324), and Linux (11.2.202.559), Adobe has released a new AIR version as well (20.0.0.233).

You can get the latest version of the Adobe Flash Player from Adobe's website, or from Softpedia's download mirrors for Windows, Mac, and Linux.