Security & Privacy + Security News
Adobe Flash Player Turns 15; Update Kills Slew of Vulnerabilities
Posted on
by
Derek Erwin
Adobe Systems has released Adobe Flash Player 15.0.0.152 for Mac and Windows with security fixes that address a whole slew of vulnerabilities. The software update patches 12 security flaws altogether, including memory leakage vulnerabilities and a number of other flaws that could lead to code execution.
Affected software versions include: Adobe Flash Player 14.0.0.179 and earlier versions, Adobe Flash Player 13.0.0.241 and earlier 13.x versions, Adobe Flash Player 11.2.202.400 and earlier versions for Linux, Adobe AIR desktop runtime 14.0.0.178 and earlier versions, Adobe AIR SDK 14.0.0.178 and earlier versions, Adobe AIR SDK & Compiler 14.0.0.178 and earlier versions, and Adobe AIR 14.0.0.179 and earlier versions for Android.
Adobe’s security bulletin (APSB-14-21) describes the vulnerabilities patched in this update as follows:
- These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization (CVE-2014-0557).
- These updates resolve a security bypass vulnerability (CVE-2014-0554).
- These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-0553).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0555).
- These updates resolve a vulnerability that could be used to bypass the same origin policy (CVE-2014-0548).
- These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2014-0556, CVE-2014-0559).
Users of Adobe Flash Player 14.0.0.179 and earlier versions for Macintosh should update to Adobe Flash Player 15.0.0.152 as soon as possible. Users of Flash Player 11.2.202.400 and earlier versions for Linux should update to Flash Player version 11.2.202.406. Adobe Flash Player 14.0.0.145 installed with Google Chrome will automatically be updated to include the most current Adobe Flash version.
Users of Adobe AIR 14.0.0.178 and earlier versions for Windows and Mac should update to Adobe AIR 15.0.0.249. Users of Adobe AIR 14.0.0.179 and earlier versions for Android should update to Adobe AIR 15.0.0.252.