There is some good news for those many internet users who have Flash installed on their computers.
As I explained at the end of last week, vulnerabilities have been found in Adobe Flash that are being actively exploited by online criminals.
At the time of writing that article, Adobe had issued a patch for one of the critical vulnerabilities – but not the other. Adobe estimated that it wouldn’t be possible to issue a patch for the second zero-day vulnerability (known as CVE-2015-0311) until Monday 26 January or later in the week.
Well, with concern rising about the increased number of attacks, Adobe updated its security advisory on Saturday to say the following:
Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 22.214.171.1246 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post.
Sure enough, when I checked System Preferences on my Mac OS X computer I was able to see that Adobe Flash had been automagically updated to the fixed version 126.96.36.1996.
If you don’t have Adobe configured to automatically update, you can tell it to check to see if an update is available at a click of a button.
However, it’s not such good news if you are using Chrome or Internet Explorer 10/11 as your browser – it sounds like Adobe needs to get a little help from Google and Microsoft to get the version of Flash built into those browsers updated.
And, if you need to manually download a fixed version of Flash, you probably will have to wait Monday or later in the week.
Adobe often gets something of a beating because of the number of vulnerabilities found in its software (although its product security does appear to have improved considerably in recent years), but on this occasion we should all thank them for managing to get a fix out – for at least some users – ahead of schedule.