Jump to content
Login new information ×
Login new information

Adobe issues patch update for 13 security vulnerabilities in Flash Player

Batu69

By Batu69
in Security & Privacy News

Recommended Posts

Batu69

Batu69

Posted
Posted

Adobe's latest security update includes fixes for memory leak, memory corruption and remote code execution issues.

Adobe has issued a relatively small security update which patches a total of 13 vulnerabilities in Flash Player.

On Tuesday, Adobe issued the firm's latest set of security updates, specifically for the Adobe Flash Player. The updates for Windows, Mac and Linux users address "vulnerabilities that could potentially allow an attacker to take control of the affected system," according to the tech giant.

Adobe Flash Player 17.0.0.188 and earlier on Windows and Mac, Adobe Flash Player Extended Support Release 13.0.0.289 and earlier 13.x versions for Windows and Mac, and Flash Player 11.2.202.460 and earlier 11.x versions for Linux are all affected and patched in this update, which includes fixes for a number of critical vulnerabilities.

In addition, Windows and Mac-based Adobe AIR Desktop Runtime 17.0.0.172 and earlier versions, Adobe AIR SDK and SDK & Compiler 17.0.0.172 and earlier, and Adobe AIR for Android 17.0.0.144 and earlier versions are all been affected by this update.

The majority of the security flaws patched relate to vulnerabilities which could lead to remote code execution, as well as memory corruption and leak issues which could lead to vulnerability fix bypass and the circumvention of ASLR.

Adobe has also patched issues concerning memory address randomization of the Flash heap, same-origin-policy, stack overflow vulnerabilities and use-after-free vulnerabilities.

Users of the Adobe Flash Player Desktop Runtime for Windows and Mac should update to Flash 18.0.0.160, users of the Adobe Flash Player Extended Support Release for Windows and Mac should update to Flash Player 13.0.0.292 and Adobe Flash Player for Linux users should update to Flash Player 11.2.202.466.

The software giant also recommends that users of the Adobe AIR Desktop Runtime should update to version 18.0.0.143 if they are Mac users, and 18.0.0.144 for Windows systems. Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 18.0.0.143 for Mac and 18.0.0.144 for Windows. Users of Flash for Google Chrome and Internet Explorer on Windows 8.x will automatically update.

In addition, users of Adobe AIR for Android should update to version 18.0.0.143.

Adobe recommends users accept automatic updates for both Reader and Acrobat. From August this year, Adobe will update the "Extended Support Release" from Flash Player 13 to Flash Player 18 for Mac and Windows machines. To stay current, users must also update to this version.

Within the security bulletin, Adobe has given credit to the Chromium Vulnerability Reward Program, Google Project Zero, the McAfee Labs IPS Team, Tomas Polesovsky and Malte Batram, among others.

Last month, Adobe released a security update which patched a total of 52 vulnerabilities in Flash, Reader and Acrobat. The update included fixes for flaws concerning remote code execution, heap overflow issues, type confusion problems and memory corruption vulnerabilities.

In related news, this week the Office of the Australian Information Commissioner (OAIC) concluded Adobe failed to take reasonable precautions in protecting sensitive customer data held during a cyberattack which took place in 2013.

Source

Link to comment
Share on other sites
  • Replies 10
  • Views 1.8k
  • Created
  • Last Reply
steven36

steven36

Posted
Posted

Really flash should be done away with ... Its getting to the point you can find a pirate stream in HTML5 of your favorite shows when many legal alternatives are still using flash. :P

At lest this time Microsoft manged to roll out active x for IE 11 in Win 8 and Win 8.1 on time.. half the time you have to wait anymore because flash has so many updates this year. :rolleyes:

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...