The Mac Security Blog

Security News

Adobe Flash Player 12.0.0.77 Released for Mac and Windows

Posted on by

adobe-patched-headerAdobe Flash Player 12.0.0.77, released for Mac and Windows, is now available for download. Adobe has also released Adobe Flash Player 11.2.202.346 for Linux. These updates address two vulnerabilities, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.

Affected software versions include: Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh, and Adobe Flash Player 11.2.202.341 and and earlier versions for Linux.

Adobe’s security bulletin (APSB14-08) describes the vulnerabilities addressed in the Flash Player update as follows:

  • These updates resolve a vulnerability that could be used to bypass the same origin policy (CVE-2014-0503): Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
  • These updates resolve a vulnerability that could be used to read the contents of the clipboard (CVE-2014-0504): Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x before 12.0.0.77 on Windows and OS X, and before 11.2.202.346 on Linux, allows attackers to read the clipboard via unspecified vectors.

Moreover, Adobe released Shockwave Player 12.1.0.150 to address a critical vulnerability in earlier versions of the software.

Affected software versions include: Adobe Shockwave Player 12.0.9.149 and earlier versions for Windows and Macintosh.

Adobe’s security bulletin (APSB14-10) describes the vulnerability addressed in the Shockwave Player update as follows:

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2014-0505): Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Users of Adobe Flash Player 12.0.0.70 and earlier versions for Windows and Macintosh should update to the new Adobe Flash Player 12.0.0.77. Users of Adobe Flash Player 12.2.202.341 and earlier versions for Linux should update to Adobe Flash Player 12.2.202.346. Adobe Flash Player 12.0.0.70 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.77 for Windows, Mac and Linux.

Users of Adobe Shockwave Player 12.0.9.149 and earlier versions should update to the newest version, Adobe Shockwave Player 12.1.0.150, as soon as possible.