Beware! Adobe has confirmed vulnerabilities exploitable via leaked proof-of-concept (PoC) code, detected in its Flash Player. Flagging it as a critical security issue, Adobe calls on all Windows, Linux and Mac users to temporarily stop using the program, who have Flash Player add-ons installed in their Internet browsers. In its security bulletin Adobe has published a post where it is said that vulnerabilities are so serious that if attacker exploits them, he could harm and take control over the affected computer to a great extent.
These vulnerabilities (CVE-2015-5122, CVE-2015-5123) are found in 220.127.116.11 and other older versions of Flash Player.
The issue was first discovered by Trend Micro and FireEye and reportedly these security software companies are working with Adobe to fix it.
Symantec, the leading and reputed Antivirus company released a post stating that (CVE-2015-5122) vulnerability is supposedly belongs to the hacking team of an Italian company that is said to have suffered major data breach. Over 400GB of sensitive data comprising highly sensitive source code, documents etc. was leaked and posted publicly on internet that increased the risk of misusing this data by hackers.
Which version of Adobe Flash player is affected
- Adobe Flash Player 18.104.22.168 and earlier versions for Windows and Macintosh
- Adobe Flash Player 22.214.171.124 and earlier versions for Linux installed with Google Chrome
- Adobe Flash Player Extended Support Release version 126.96.36.1992 and earlier 13.x versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release version 188.8.131.521 and earlier 11.x versions for Linux
Symantec advised to disable the flash player across all internet browsers until the patch is released.
How to disable Adobe Flash Player for different browsers
- Open your browser and in the address bar type chrome:plugins
- Here you will be able to see the list of all Chrome plugins with associated options
- Simply locate Flash Player and disable it
- Open Internet Explorer and then go to “Tools > Manage add-ons”
- Under show select “all add-ons”
- Here disable the Shockwave Flash Object
- Open FireFox browser and then in browser menu go to “add-ons > Plugins”
- And disable Shockwave Flash Object
Doing the same, you can enable Flash Player, having the vulnerability fixed.