Adobe Flash Player Update Patches Four Security Bugs
Posted on by Derek Erwin
Adobe has issued security updates for Adobe Flash Player for Mac and Windows, updating its software to version 13.0.0.182. These updates patch four critical security bugs that could potentially allow an attacker to take control of the affected system.
Affected software versions include: Adobe Flash Player 12.0.0.77 and earlier versions for Macintosh and Windows, Adobe Flash Player 11.2.202.346 and earlier versions for Linux, Adobe AIR 4.0.0.1628 and earlier versions for Android.
MORE: How to Tell if Adobe Flash Player Update is Valid
Adobe’s security bulletin (APSB14-09) describes the four bugs resolved in these updates as follows:
- These updates resolve a use-after-free vulnerability that could result in arbitrary code execution (CVE-2014-0506).
- These updates resolve a buffer overflow vulnerability that could result in arbitrary code execution (CVE-2014-0507).
- These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2014-0508).
- These updates resolve a cross-site-scripting vulnerability (CVE-2014-0509).
Users of Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh should immediately update to the new Adobe Flash Player 13.0.0.182. Users of Adobe Flash Player 11.2.202.346 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.350 as soon as possible.
Adobe Flash Player 12.0.0.77 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 13.0.0.182 for Windows, Mac and Linux. Lastly, users of Adobe AIR 4.0.0.1628 and earlier versions for Android should update to Adobe AIR 13.0.0.83.