Thats the flash update on Jan 22. The one, the one being actively exploited and unpatched is the one in the links.
"A critical vulnerability (CVE-2015-0311) exists in Adobe Flash Player 16.0.0.287 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8 and below.
Adobe expects to have a patch available for CVE-2015-0311 during the week of January 26. "
“TL:DR Any version of Internet Explorer or Firefox with any version of Windows will get owned if Flash up to 16.0.0.287 (included) is installed and enabled.”
"Safe : - Chrome : They are not firing that bullet "
The point being absent an AV that can handle the new zero day. A large majority of computers are vulnerable to. I use Firefox as a my main browser, I can temporally use Chrome, but it would be nice if we can get any official word from Avast that they have definitions for he new exploit until Adobe can patch flash next week.
I see I didn’t see the Avast team tag next to his post reading from my small phone screen. Yep, that is excellent news.
With that settled, it is a bit disconcerting that all version of IE and Firefox were vulnerable given that the various sandboxes. IE 10,11 in Windows 8 has its own flash wrapped around its protected mode sandbox, and Adobe sandboxed Flash for Firefox on Vista and up. So in addition to patching Flash, I assume IE has an exploit they need to patch.
I know sandbox aren’t the end all, but it seems the hackers did in the IE and Adobe sandboxes at the same time.
