Adobe Kills Fourteen Bugs with New Software Updates
Posted on by Derek Erwin
Adobe has released security updates for Adobe Flash Player, Shockwave Player, Adobe Reader and Acrobat, available for Mac OS X and other operating systems. Altogether, Adobe closed fourteen bugs with the new software updates; four bugs fixed in Flash Player, eight fixed in Adobe Reader and Acrobat, and two bugs fixed in Adobe Shockwave Player.
The Adobe Flash Player, Reader and Acrobat updates address “vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.” The Adobe Shockwave Player update addresses “vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system,” according to the company’s security bulletin. As always, we recommend that all users update their software to the newest versions to avoid potential security issues.
From Adobe’s Flash Player security bulletin (APSB13-21), the following describes the security contents of the software update:
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-3361, CVE-2013-3362, CVE-2013-3363, CVE-2013-5324).
From Adobe’s Reader and Acrobat security bulletin (APSB13-22), the following describes the security contents of the software update:
These updates resolve stack overflow vulnerabilities that could lead to code execution (CVE-2013-3351).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-3352, CVE-2013-3354, CVE-2013-3355).
These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-3353, CVE-2013-3356).
These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-3357, CVE-2013-3358).
From Adobe’s Shockwave Player security bulletin (APSB13-23), the following describes the security contents of the software update:
This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2013-3359, CVE-2013-3360).
Users of Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh should download Adobe Flash Player 11.8.800.168 (total size: 17.2 MB) to get the latest security update. Adobe Flash Player 11.8.800.97 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.8.800.170 for Windows, Mac and Linux. Users of Adobe AIR 3.8.0.910 and earlier versions for Mac should install the 26.29 MB update to Adobe AIR 3.8.0.1430.
Users of Adobe Reader on Macintosh computers can find the appropriate update here (Windows users go here). Acrobat Pro users running Macs can find the appropriate update here. Lastly, users of Adobe Shockwave Player 12.0.3.133 and earlier versions should download and install Shockwave Player 12.0.4.144 (13.0 MB) to get the latest security updates.