{"id":36004,"date":"2015-01-26T11:13:05","date_gmt":"2015-01-26T19:13:05","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=36004"},"modified":"2017-01-06T15:51:45","modified_gmt":"2017-01-06T23:51:45","slug":"adobe-patches-second-0day-flaw-with-flash-player-16-0-0-296","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/adobe-patches-second-0day-flaw-with-flash-player-16-0-0-296\/","title":{"rendered":"Adobe Patches Second 0-Day Flaw with Flash Player 16.0.0.296"},"content":{"rendered":"

\"adobe-patched-header\"<\/a>Over the weekend, on January 24, Adobe Systems released another Flash Player update that includes a fix for a second 0-day vulnerability\u00a0(CVE-2015-0311) affecting Adobe Flash Player 16.0.0.287 and earlier versions for Mac and Windows.<\/p>\n

Adobe previously patched one of the critical 0-Day vulnerabilities with an update to Flash Player 16.0.0.287<\/a>, but was still investigating reports that a separate exploit exists in the wild. Adobe estimated that they would have a new Flash Player update available during the week of January 26.<\/p>\n

Ahead of schedule, Adobe updated its security bulletin (APSA15-01<\/a>), and said:<\/p>\n

UPDATE (January 24): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11.<\/p><\/blockquote>\n

That’s great news! But how can you\u00a0check if\u00a0this manual update is available to you, and securely\u00a0download and install it? Follow the\u00a0steps outlined below.<\/p>\n

How to\u00a0Manually Update Flash Player<\/h3>\n

If you\u2019re unsure what version of Adobe Flash you have running, or how to safely\u00a0install new updates, you can head over here for some answers to the most common Flash Player installation and update questions<\/a>.<\/p>\n

For\u00a0the easiest\u00a0way to check what Flash Player version you have installed on Mac OS X, and update to the latest version, follow these steps:<\/p>\n

    \n
  1. Choose\u00a0the Apple menu icon (upper left corner on OS X desktop)<\/li>\n
  2. Select System Preferences<\/li>\n
  3. Then click on Flash Player at the bottom under Other<\/li>\n
  4. In the Advanced tab, under Updates, press the Check Now button<\/li>\n<\/ol>\n

    If you do not have the latest Flash Player version, you will see a notification that an update is available, and it will ask if you want to download and install it.<\/p>\n

    \"Adobe<\/a><\/p>\n

      \n
    1. Click Yes, and then follow all of the prompts from Adobe for updating to the latest version of Flash Player<\/li>\n<\/ol>\n

      Now you should see that NPAPI plug-in version 16.0.0.296 is installed<\/strong>. This is the latest version of Flash Player and includes patches for both\u00a00-day vulnerabilities (CVE-2015-0310, CVE-2015-0311) affecting earlier Flash Player versions.<\/p>\n

      \"Flash<\/a><\/p>\n

       <\/p>\n

      By using this method to check for\u00a0Adobe Flash Player updates,\u00a0your computer\u2019s internal system will properly check and connect you to Adobe\u2019s website.\u00a0Because OS X\u2019s internal system bypasses fake websites entirely and makes it far less likely for users to be fooled by phishing websites, this is perhaps the most secure way to update Flash Player.<\/p>\n

      January 27 Update<\/strong>: Adobe’s security updates for Adobe Flash Player for Windows, Macintosh and Linux are now available for download from Adobe.com. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system, according to Adobe’s security bulletin (APSB15-03<\/a>).<\/p>\n

      Affected (out of date) software versions include: Adobe Flash Player 16.0.0.287 and earlier versions, Adobe Flash Player 13.0.0.262 and earlier 13.x versions, and Adobe Flash Player 11.2.202.438 and earlier versions for Linux.<\/p>\n

      Flash Player 16.0.0.296 for Mac and Windows, and Flash Player 11.2.202.440 for Linux, include patches for the following vulnerabilities:<\/p>\n