Adobe's January Patch Tuesday release came early with the company today issuing patches for a critical zero-day vulnerability in Flash Player that could potentially allow an attacker to take control of the affected system.
Adobe said the vulnerability (CVE-2015-8651) affects Flash Player in Windows, Mac OS X, Linux and ChromeOS and that an immediate patch needed to be issued.
“In terms of vulnerabilities that are actively being exploited in the wild, we aim to release a patch as quickly as possible in order to help protect our customers, whether if it falls on Patch Tuesday or not,” and Adobe spokesperson told SCMagazine.com in an email Tuesday.
Adobe noted the affected versions are:
- Adobe Flash Player Desktop Runtime versions 20.0.0.235 and earlier for Windows and Macintosh
- Adobe Flash Player Extended Support Release versions 18.0.0.268 and earlier for Windows and Macintosh
- Adobe Flash Player Extended Support Release versions 18.0.0.268 and earlier for Windows and Macintosh
- Adobe Flash Player Desktop Runtime versions 20.0.0.235 and earlier for Windows and Macintosh
- Adobe Flash Player Extended Support Release versions 18.0.0.268 and earlier for Windows and Macintosh
- Adobe Flash Player for Google Chrome versions 20.0.0.228 and earlier for Windows, Macintosh, Linux and ChromeOS
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 versions 20.0.0.228 and earlier for Windows 10.
- Adobe Flash Player for Internet Explorer 10 and 11 versions 20.0.0.228 and earlier for Windows 8.0 and 8.1
On December 8 Adobe rolled out a record 78 patches for its various products and was not scheduled to do so again until January 16.