March 12, 2015

Adobe has released an update for its Flash Player software that fixes at least 11 separate, critical security vulnerabilities in the program. If you have Flash installed, please take a moment to ensure your systems are updated.

brokenflash-aNot sure whether your browser has Flash installed or what version it may be running? Browse to this link. The newest, patched version is 17.0.0.134 for Windows and Mac users. Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, should automatically update to version 17.0.0.134.

The most recent versions of Flash should be available from the Flash home page, but beware potentially unwanted add-ons, like McAfee Security Scan. To avoid this, uncheck the pre-checked box before downloading, or grab your OS-specific Flash download from here. Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).

The last few Flash updates from Adobe have been in response to zero-day threats targeting previously unknown vulnerabilities in the program. But Adobe says it is not aware of any exploits in the wild for the issues addressed in this update. Adobe’s advisory on this patch is available here.


27 thoughts on “Adobe Flash Update Plugs 11 Security Holes

  1. justme

    Thanks Brian – 3 browsers patched (all had to be different didn’t they?!)

  2. JCitizen

    Adobe auto-update, File Hippo Application Manager, Avast outdated software scan, and Secuni PSI all FAILED to detect the update!!! Once again Brian Krebs to the rescue!!

    Hey mild mannered reporter you got a big “S” hidden under your shirt??!!! 😀

    1. kybelboy

      My File Hippo Caught it but not Secunia PSI. At the same time Chrome indicated a Malware theat by clicking on the link from File Hippo. They have hosted malware once in the last 90 days. I ended up bypassing File Hippo and going directly to Adobe for the updates. It seems you can’t trust anyone these days except brian 🙂

  3. Likes2LOL

    *11* security holes????

    My God — do they put the holes in on purpose, so they can make more revenue with the add-on software they get commissions on when naive people update their program?

    Thanks, Brian, keeping a computer up-to-date would be a major hassle without your timely notices….. This update, I’ll execute on Sunday.

  4. Eric

    And how many more holes did they introduce when trying to plug these holes?

    I guess that’s not a very polite question..

  5. Mike

    Would this be 11 critical security problems that were ignored on the last go around or things that were created by the previous update?

  6. Donald J Trump

    The fun never ends with all the updates !

    1. Rick Blaine

      The fun never ends because the Internet never ends. But I suggest a solution. Give up the Internet, go to cash and sleep for a change.

  7. mica

    And though the holes were rather small
    They had to count them all
    Now they know how many holes it takes to fill the Albert Hall

    1. JimV

      However, I don’t think Adobe would particularly like to turn you on….

  8. nick

    The latest update has caused continual crashes ever since!
    I removed and reinstalled Adobe Flash (version 17.0.0.134) but AF still fails.
    I have checked all internal settings & restarted the computer a number of times, and still crashing.
    Would love some help.

  9. Rigsby

    Thanks Brian.

    Adobe Air has also been updated to v17.0.0.124.

  10. Isaac

    Thanks Brian! My IE11 had not auto updated as of today (even tried a reboot and an update check and nothing came up showing the update), so using your handy link I did it manually. Good to go until the next round…

  11. eCurmudgeon

    Once again – like Java – if you don’t need to have Flash on your computer, your best best is to remove it entirely.

    I’ve had my main work laptop Flash-free for about a month, and the only item I’ve had issues with I simply run in Chrome when necessary.

      1. eCurmudgeon

        If you have Chrome you are not flash free

        Strictly speaking, true. But if you use Chrome only for those sites where Flash is still needed (in my case, one device UI and a conferencing application), you dramatically reduce your attack surface.

    1. Muffin

      I too removed Adobe Flash Player about a month ago and have had no need for it. Thank you all very much for the sound advice. I’m not a computer expert and most of what you all talk about I don’t understand, but I still learn a lot from your comments and of course Brian’s articles.

  12. TwoOctivesHigh

    This is the very first Adobe update in a very long time that installed cleanly … without having to reboot my machine or restart my browsers.

    Can Adobe be finally learning how to program?

    > If you don’t need Flash, remove it.

    That’s hardly the point. I wish I didn’t need Flash, but all those darn websites I visit require Flash.

    The good news is that Flash is slowly disappearing.

    YouTube will deliver videos in html5 now if you have a compatible browser.

    Thanks Brian … great column.

  13. Jason

    Do you need hackers for hire? Do you need to keep an eye on your spouse by gaining access to their emails? As a parent do you want to know what your kids do on a daily basis on social networks ( This includes facebook, twitter , instagram, whatsapp, WeChat and others to make sure they’re not getting into trouble? Whatever it is, Ranging from Bank Jobs, Flipping cash, Criminal records, DMV, Taxes, Name it, We can get the job done. We’re a group of professional hackers with 25 Years+ experience. Contact at hacksville147@gmail.com … Send an email and Its done. Its that easy, try us out today.

    1. kybelboy

      Why don’t you do some pro-bono work and take out all those foreign A-holes who keep stealing credit cards info. Maybe someone will tip you.

  14. Angus S-F

    You said: “Windows users who browse the Web with anything other than Internet Explorer may need to apply this patch twice, once with IE and again using the alternative browser (Firefox, Opera, e.g.).” Actually, I don’t even bother to install the ActiveX version of Flash since I only use IE for Microsoft sites which require it.

    1. Cavoyo

      What happens when someone puts a Flash exploit on a Microsoft page that you visit?

Comments are closed.