Hi,

On Thu, 25 Jun 2015 16:02:00 -0700 walt wrote:
> Title: Adobe Releases Emergency to Patch Zero Day Under Active
> Exploitation in the Wild
> Description: Adobe released an out-of-band patch to address
> CVE-2015-3113, a Flash Player zero-day vulnerability that is actively
> being used by an APT group.  The exploit has been ongoing since early
> this month via phishing emails and affects Windows, Mac, and Linux
> users.  CVE-2015-3113 is a vulnerability in the way Flash parses Flash
> Video Files (FLV).  The exploit bypasses memory-based protection such
> as ASLR and uses return-oriented programming (ROP) to bypass data
> execution prevention (DEP).
> Reference:
> https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
> 
> I see that the gentoo devs have already added the latest version to my
> ~amd64 machine (thanks, team) but what about all the people who are
> running stable gentoo?

Given how intensive the vulnerability rate for adobe-flash is, and
considering its closed nature (e.g. no ability to fix issues in
time yourself), I'd recommend avoiding its use altogether. For cases
where it can't be replaced (e.g. with gnash or an html5-compatible
browser), use an isolated container or VM.

Best regards,
Andrew Savchenko
