Security News

Adobe Patches Three Flaws with Flash Player Update

Posted on by

adobe-patched-headerLast week, Adobe released a Flash Player update for Mac and other operating systems, updating the software to version 12.0.0.70. This update addresses three critical flaws that could potentially allow an attacker to remotely take control of the affected system; an exploit for CVE-2014-0502 exists in the wild.

Affected software versions include: Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.336 and earlier versions for Linux.

The Adobe Product Security Incident Response Team warned of a critical vulnerability, resolved in this update, which exists in the wild:

Adobe is aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

Graham Cluley on his blog noted a connection between the critical flaw and some sites that were compromised recently.

Cluley warned:

Anyone who has visited these websites in recent weeks is at a high risk of having had their computers infected, and the potential for data on their PCs to have been stolen.

Adobe’s security bulletin (APSB14-07) describes the three flaws patched in this update as follows:

  • These updates resolve a stack overflow vulnerability that could result in arbitrary code execution (CVE-2014-0498).
  • These updates resolve a memory leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0499).
  • These updates resolve a double free vulnerability that could result in arbitrary code execution (CVE-2014-0502).

Users of Adobe Flash Player 12.0.0.44 and earlier versions for Windows and Macintosh should immediately update to the new Adobe Flash Player 12.0.0.70. Users of Adobe Flash Player 11.2.202.336 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.341 as soon as possible. Adobe Flash Player 12.0.0.44 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.70 for Windows, Mac and Linux.