Adobe Security Bulletin

Release date: July 7, 2015

Last Updated: July 30, 2015

Vulnerability identifier: APSA15-03

CVE number: CVE-2015-5119

Platform: Windows, Macintosh and Linux

A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 18.0.0.194 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.  

Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8, 2015.

UPDATE (July 8): Adobe recommends users update their product installations to the latest versions using the instructions provided in the "Solution" section in Security Bulletin APSB15-16.

• Adobe Flash Player 18.0.0.194 and earlier versions for Windows and Macintosh
• Adobe Flash Player Extended Support Release version 13.0.0.296 and earlier 13.x versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.468 and earlier 11.x versions for Linux
  

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.   

Adobe categorizes this as a critical vulnerability.

Adobe would like to thank Google Project Zero and Morgan Marquis-Boire for reporting CVE-2015-5119 and for working with Adobe to help protect our customers.  Adobe also appreciates the work of Trend Micro to identify attacks in the wild targeting CVE-2015-5119. 

July 8, 2015: Updated to include Security Bulletin link.   

July 30, 2015: Updated to include note of appreciation to Trend Micro.