Adobe Releases Flash Version 11.2.202.356: Update NOW

Over the last week security researchers have been combing through the 400-gigabyte treasure trove of documents from The Hacking Team's hacked servers. The Hacking Team is an Italian based company that specializes in de-anonymization, decryption, and other subversive technologies such as sanctioned spyware that they sell to nation states world-wide.

As part of the 400 gigabyte trove were references to several undiscovered 0-day exploits against the Flash and Oracle Java runtimes. One of these vulnerabilities was patched last week. Yesterday morning, in light of these exploits, Adobe released Flash version 11.2.202.356 for Linux. All versions of Flash from 11.2.202.350 and earlier are vulnerable to the exploits.

In response to the these three zero-day vulnerabilities Mozilla has blacklisted all Flash plugins prior to 11.2.202.356, any Firefox users who attempt to run Flash content with a version prior will be presented with a message that the Flash plugin is insecure and must be updated. In a further response to the exploits Facebook's Security Chief, Alex Stamos, has publicly called for "Adobe to announce the end of life date for Flash and to ask browsers to set killbits on the same day."

Google Chrome users should receive the updates automatically. Given Adobe's poor level of support for Flash on Linux, as well as Flash's rather tragic security record, readers are encouraged to begin migrating off of Adobe Flash on all systems that are reasonable to do so.