Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Adobe Updates Flash Player, Shockwave and PDF Reader - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Updates Flash Player, Shockwave and PDF Reader

In a warm up to patch Tuesday, it looks like we have a new version for Adobe Flash Player, Shockwave Player and PDF Reader. Given that some of the exploits against the vulnerabilities patched are public, you may want to expedite patching and review your Flash Player and browser configuration.

the latest (patched) versions are (thanks Dave!):

- Flash Player
- Flash Player EST
- Reader 10.1.15
- Reader 11.0.12
- Shockwave Player


You can get the latest version here: 

Also note that many browsers now allow you to disable Flash by default. You can re-enable it for sites that require Flash. Here is a nice page that will explain how to have your browser ask for permission before running plugins:


Johannes B. Ullrich, Ph.D.

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANSFIRE 2022


4504 Posts
ISC Handler
Jul 14th 2015
Update for Acrobat just released, latest version 15.007.20033.

18 Posts
A direct link to the latest builds (for Flash anyway) for multiple OSes is here: Adobe doesn't make this easy to find.

5 Posts
Yes, the Flash player update covers the 0-day found yesterday (07/13). So this update fixes 2 0-days.

41 Posts
The referenced HowToGeek guide missed one very good blanket approach for IE, which is to enable ActiveX Filtering, switching all ActiveX controls to a default-deny condition. A Flash site would result in a blue slashy-circle icon in the address bar, with the option to override the filtering for that visit if desired.
12 Posts

Sign Up for Free or Log In to start participating in the conversation!