JPCERT-AT-2015-0019
                                                             JPCERT/CC
                                                            2015-07-09

                  <<< JPCERT/CC Alert 2015-07-09 >>>

           Vulnerabilities in Adobe Flash Player (APSB15-16)

         https://www.jpcert.or.jp/english/at/2015/at150019.html


I. Overview

  Adobe Systems has released security updates to address multiple
vulnerabilities in Adobe Flash Player (APSB15-16). A remote attacker
may cause Adobe Flash Player to crash or execute arbitrary code by
convincing a user to open specially crafted contents leveraging those
vulnerabilities. For more information on those vulnerabilities, please
refer to the information provided by Adobe Systems.

    Security updates available for Adobe Flash Player
    https://helpx.adobe.com/security/products/flash-player/apsb15-16.html

  According to Adobe Systems, an exploit targeting the vulnerability 
(CVE-2015-5119) has been publicly published. JPCERT/CC has confirmed
that this vulnerbility is leveraged in some attack cases.


II. Affected Products

  The following versions are affected by those vulnerabilities:

  - Adobe Flash Player 18.0.0.194 and earlier
    (Internet Explorer, Google Chrome, Mozilla Firefox, etc)


III. Solution

  Please update Adobe Flash Player to the latest version listed below:

  - Adobe Flash Player 18.0.0.203
    (Internet Explorer, Google Chrome, Mozilla Firefox, etc)

  Note that Internet Explorer 10 for Windows 8, Internet Explorer 11
for Windows 8.1 and Google Chrome contain Adobe Flash Player by
default. The latest version of Adobe Flash Player will be applied
through Windows Update for Internet Explorer 10 for Windows 8 and
Internet Explorer 11 for Windows 8.1. Also, the latest version of
Adobe Flash Player will be updated when Google Chrome is updated. For
more information, please refer to the following:

    Adobe Flash Player Download Center
    https://get.adobe.com/flashplayer/

    Microsoft Security Advisory (2755801)
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
    https://technet.microsoft.com/en-us/library/security/2755801.aspx

  Users can check the version of Adobe Flash Player that they are
using at the following link:

    Adobe Flash Player: Version Information
    https://www.adobe.com/software/flash/about/

  * Even if you use a web browser other than Internet Explorer, there is
    software that uses Adobe Flash Player installed for Internet
    Explorer, such as Microsoft Office, so please update Adobe Flash
    Player for Internet Explorer as well.


IV. References

    Adobe Security Bulletin
    Security Advisory for Adobe Flash Player
    https://helpx.adobe.com/security/products/flash-player/apsa15-03.html

    Microsoft Security Advisory 2755801
    Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
    https://technet.microsoft.com/en-us/library/security/2755801.aspx


  If you have any information regarding this alert, please contact
JPCERT/CC.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/