Site icon The Mac Security Blog

Adobe Patches Critical Flaws in Flash and Shockwave

In two separate security updates, Adobe released new versions of its Flash Player and Shockwave Player to address vulnerabilities in the software. Both software updates address critical vulnerabilities and Adobe recommends users update their product installations to the latest versions.

The security issues addressed in Adobe Flash Player 11.5.502.149 and earlier versions affect all operating systems, resolving flaws that could cause a crash and potentially allow an attacker to take control of the affected system. Security updates for Adobe Shockwave Player 11.6.8.638 and earlier versions fix flaws that affect the Macintosh and Windows platforms, “[addressing] vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system,” the company said.

Adobe’s Flash Player update fixes a combined 17 flaws (CVEs), as indicated below:

The software update for Adobe Shockwave Player fixes two flaws, described in more detail below:

Users of Adobe Flash Player 11.5.502.149 and earlier versions for Mac OS X should download the 16.15 MB update to Adobe Flash Player 11.6.602.167 as soon as possible. Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.167 for Mac, Linux, and Windows platforms. Users of Adobe AIR 3.5.0.1060 and earlier versions for Mac should download the 26.6 MB update to Adobe AIR 3.6 (version 3.6.0.597). Lastly, users of Adobe Shockwave Player 11.6.8.638 and earlier versions for Mac and Windows should download the 12.9 MB update to the newest Shockwave Player version 12.0.0.112.

Share this: