Security News

Adobe Systems has released Adobe Flash Player 17.0.0.134 for Mac, Windows and Linux. These updates include security fixes for a total of 11 vulnerabilities discovered in Adobe software. “These vulnerabilities could potentially allow an attacker to take control of the affected system,” notes Adobe’s security bulletin.

Affected software versions include: Adobe Flash Player 16.0.0.305 and earlier versions, Adobe Flash Player 13.0.0.269 and earlier 13.x versions, and Adobe Flash Player 11.2.202.442 and earlier 11.x versions.

The vulnerabilities patched in these updates are described as follows:

• These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339).
• These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-0334, CVE-2015-0336).
• These updates resolve a vulnerability that could lead to a cross-domain policy bypass (CVE-2015-0337).
• These updates resolve a vulnerability that could lead to a file upload restriction bypass (CVE-2015-0340).
• These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-0338).
• These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-0341, CVE-2015-0342).

Users of Adobe Flash Player desktop runtime for Macintosh and Windows should update to Adobe Flash Player 17.0.0.134 (14.9 MB) as soon as possible. Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.277. Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.451. Adobe Flash Player installed with Google Chrome, as well as Internet Explorer on Windows 8.x, will automatically be updated to Flash Player version 17.0.0.134.