For the complete experience, please enable JavaScript in your browser. Thank you!

  • Creative Cloud
  • Photoshop
  • Illustrator
  • InDesign
  • Premiere Pro
  • After Effects
  • Lightroom
  • See all
  • See plans for: businesses photographers students
  • Document Cloud
  • Acrobat DC
  • Sign
  • Stock
  • Elements
  • Marketing Cloud
  • Analytics
  • Audience Manager
  • Campaign
  • Experience Manager
  • Media Optimizer
  • Target
  • See all
  • Adobe for enterprise
  • Acrobat Reader DC
  • Adobe Flash Player
  • Adobe AIR
  • Adobe Shockwave Player
  • All products
  • Creative Cloud
  • Individuals
  • Photographers
  • Students and Teachers
  • Business
  • Schools and Universities
  • Marketing Cloud
  • Document Cloud
  • Stock
  • Elements
  • All products
  • Get Support
    Find answers quickly. Contact us if you need to.
    Start now >
  • Learn the apps
    Get started or learn new ways to work.
    Learn now >
  • Ask the community
    Post questions and get answers from experts.
    Start now >
Adobe is changing the world through digital experiences. Our creative, marketing and document solutions empower everyone — from emerging artists to global brands — to bring digital creations to life and deliver them to the right person at the right moment for the best results.
    • About Us
    • Newsroom
    • Careers At Adobe
    • Privacy
    • Security
    • Corporate Responsibility
    • Customer Showcase
    • Investor Relations
    • Events
    • Contact Us

Adobe Security Bulletin

Security Advisory for Adobe Flash Player

Release date: January 22, 2015

Last updated: January 24, 2015

Vulnerability identifier: APSA15-01

CVE number: CVE-2015-0311

Platform: All Platforms

Summary

A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh.  Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. 

UPDATE (January 24): Users who have enabled auto-update for the Flash Player desktop runtime will be receiving version 16.0.0.296 beginning on January 24. This version includes a fix for CVE-2015-0311. Adobe expects to have an update available for manual download during the week of January 26, and we are working with our distribution partners to make the update available in Google Chrome and Internet Explorer 10 and 11. For more information on updating Flash Player please refer to this post.  

Affected software versions

  • Adobe Flash Player 16.0.0.287 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 13.0.0.262 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.438 and earlier versions for Linux

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Severity ratings

Adobe categorizes this as a critical vulnerability.

Revisions

January 24, 2015: Updated to include Flash Player version delivered via auto-update.   

January 24, 2015: Updated to reflect reports that Windows 8.1 is also affected by CVE-2015-0311. 

Choose your region United States (Change)   Products   Downloads   Learn & Support   Company
Choose your region Close

Americas

Europe, Middle East and Africa

Asia Pacific

  • Brasil
  • Canada - English
  • Canada - Français
  • Latinoamérica
  • México
  • United States
  • Africa - English
  • Österreich - Deutsch
  • Belgium - English
  • Belgique - Français
  • België - Nederlands
  • България
  • Hrvatska
  • Cyprus - English
  • Česká republika
  • Danmark
  • Eesti
  • Suomi
  • France
  • Deutschland
  • Greece - English
  • Magyarország
  • Ireland
  • Israel - English
  • ישראל - עברית
  • Italia
  • Latvija
  • Lietuva
  • Luxembourg - Deutsch
  • Luxembourg - English
  • Luxembourg - Français
  • Malta - English
  • الشرق الأوسط وشمال أفريقيا - اللغة العربية
  • Middle East and North Africa - English
  • Moyen-Orient et Afrique du Nord - Français
  • Nederland
  • Norge
  • Polska
  • Portugal
  • România
  • Россия
  • Srbija
  • Slovensko
  • Slovenija
  • España
  • Sverige
  • Schweiz - Deutsch
  • Suisse - Français
  • Svizzera - Italiano
  • Türkiye
  • Україна
  • United Kingdom
  • Australia
  • 中国
  • 中國香港特別行政區
  • Hong Kong S.A.R. of China
  • India - English
  • 日本
  • 한국
  • New Zealand
  • Southeast Asia (Includes Indonesia, Malaysia, Philippines, Singapore, Thailand, and Vietnam) - English
  • 台灣

Commonwealth of Independent States

  • Includes Armenia, Azerbaijan, Belarus, Georgia, Moldova, Kazakhstan, Kyrgyzstan, Tajikistan, Turkmenistan, Ukraine, Uzbekistan

Copyright © 2016 Adobe Systems Incorporated. All rights reserved.

Terms of Use | Privacy | Cookies

AdChoices