[Update] Adobe now updated it's advisory and confirmed that version 16.0.0.296 fixes the o-day vulnerability (CVE-2015-0311). [2][3]

Adobe apparently just released Flash version 16.0.0.296. There is nothing on Adobe's website if this is a patch. As a matter of fact, Adobe still lists 16.0.0.287 as the most recent version [1]. You can download 16.0.0.296 if you manually check for updates using Flash.

This article will be updates as we learn more. I have NO IDEA if this new version fixes the current vulnerability, but given that this is a surprise weekend release, chances are that it was released in response to the vulnerability. Apply this update at your own risk.

Thanks to Christopher for noticing!

[1] http://www.adobe.com/software/flash/about/

[2] http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

[3] http://blogs.adobe.com/psirt/?p=1160

---

Johannes B. Ullrich, Ph.D.

STI|Twitter|LinkedIn

I will be teaching next: Intrusion Detection In-Depth - SANS Cyber Defense Forum & Training