Flash Player version 16.0.0.296 is now available.
![Flash Player Versions]()
In Windows, you can check what version you have installed via Flash's Control Panel applet.
![Settings Manager, Flash Player 16.0.0.296]()
According to Adobe Security Bulletin APSA15-01, users who have enabled auto-update will have received the update starting on January 24th. Manual downloaders needed to wait a couple of days.
![Adobe Bulletin CVE-2015-0311]()
We're not exactly sure why manual downloads were delayed, but whatever the reason, auto-updates are recommended.
And not only that, but more. At this point, we recommend enabling "click-to-play" options. Here's an example from Firefox with the "Ask to Activate" configured.
![Firefox, Flash, Ask to Activate]()
Google Chrome also offers options in its "advanced" settings.
Why do we recommend click-to-play? Because Flash Player is currently the application most aggressively targeted by exploit kits.
Here are some stats from last week from which you can see that Angler, which was targeting a Flash Player 0-Day vulnerability, was leading the exploit kit market.
Finland:
![Exploit Kits, January 2015 FI]()
Germany:
![Exploit Kits, January 2015 DE]()
United Kingdom:
![Exploit Kits, January 2015 UK]()
And Angler was number one in several other regions as well.
So, update your Flash Player, set it to auto-update, and configure click-to-play.
Updated to add on February 2nd:
There's another zero-day Flash Player vulnerability in-the-wild that's being actively exploited. Adobe has issued a security advisory and yet another update is in the works this week.
Meanwhile, seriously, consider click-to-play options! Here's how via How-To Geek. (A hat tip to @Bart for the link.)
In Windows, you can check what version you have installed via Flash's Control Panel applet.
According to Adobe Security Bulletin APSA15-01, users who have enabled auto-update will have received the update starting on January 24th. Manual downloaders needed to wait a couple of days.
We're not exactly sure why manual downloads were delayed, but whatever the reason, auto-updates are recommended.
And not only that, but more. At this point, we recommend enabling "click-to-play" options. Here's an example from Firefox with the "Ask to Activate" configured.
Google Chrome also offers options in its "advanced" settings.
Why do we recommend click-to-play? Because Flash Player is currently the application most aggressively targeted by exploit kits.
Here are some stats from last week from which you can see that Angler, which was targeting a Flash Player 0-Day vulnerability, was leading the exploit kit market.
Finland:
Germany:
United Kingdom:
And Angler was number one in several other regions as well.
So, update your Flash Player, set it to auto-update, and configure click-to-play.
Updated to add on February 2nd:
There's another zero-day Flash Player vulnerability in-the-wild that's being actively exploited. Adobe has issued a security advisory and yet another update is in the works this week.
Meanwhile, seriously, consider click-to-play options! Here's how via How-To Geek. (A hat tip to @Bart for the link.)
On 27/01/15 At 05:13 PM