Release date: October 14, 2015
Last updated: October 15, 2015
Vulnerability identifier: APSA15-05
CVE number: CVE-2015-7645
Platforms: Windows, Macintosh and Linux
A critical vulnerability (CVE-2015-7645) has been identified in Adobe Flash Player 18.104.22.168 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of a report that an exploit for this vulnerability is being used in limited, targeted attacks.
UPDATE: Adobe expects updates to be available as early as October 16.
- Adobe Flash Player 22.214.171.124 and earlier versions for Windows and Macintosh
- Adobe Flash Player Extended Support Release version 126.96.36.199 and earlier 18.x versions
- Adobe Flash Player 188.8.131.525 and earlier 11.x versions for Linux
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.
Adobe categorizes this as a critical vulnerability.
Adobe would like to thank Peter Pi of Trend Micro for reporting CVE-2015-7645 and for working with Adobe to help protect our customers.