Adobe Quells Vulnerabilities with Flash Player Update
Posted on by Derek Erwin
Adobe has released security updates for Adobe Flash Player for Mac and other operating systems. Additionally, Adobe issued security updates for Adobe Reader and Acrobat for Macintosh and Windows. These updates resolve vulnerabilities that could potentially allow an attacker to take control of the affected system.
The following Flash Player and Adobe AIR software versions are affected and should be updated as soon as possible: Adobe Flash Player 11.9.900.170 and earlier versions for Mac and Windows, Adobe Flash Player 11.2.202.332 and earlier versions for Linux, and Adobe AIR 3.9.0.1380 and earlier versions for Mac and Windows.
Adobe’s security bulletin (APSB-14-02) describes the bugs fixed in the Flash Player update as follows:
- These updates resolve a vulnerability that could be used to bypass Flash Player security protections (CVE-2014-0491).
- These updates resolve an address leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0492).
The following Adobe Reader and Acrobat versions for Windows and Mac are affected and should be updated as soon as possible: Adobe Reader XI (11.0.05) and earlier 11.x versions, Adobe Reader X (10.1.8) and earlier 10.x versions, Adobe Acrobat XI (11.0.05) and earlier 11.x versions, and Adobe Acrobat X (10.1.8) and earlier 10.x versions.
Adobe’s security bulletin (APSB-14-01) describes the bugs fixed in the Adobe Reader and Acrobat security updates:
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0493, CVE-2014-0495).
- These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-0496).
To get the latest security updates, users of Adobe Flash Player 11.9.900.170 and earlier for Mac and Windows should install the 17.5 MB update to Adobe Flash Player 12.0.0.38. Adobe Flash Player 11.9.900.170 installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 12.0.0.41 for Windows, Macintosh and Linux.
Users of Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh should install the 26.3 MB update to Adobe AIR 4.0.0.1390.
Adobe Reader and Acrobat users can utilize the product’s update mechanism to get the latest security updates. Update checks can be manually activated by choosing Help > Check for Updates. Otherwise, Adobe Reader users on Windows can update here, and Adobe Reader users on Macintosh can update here. Adobe Acrobat Standard and Pro users on Windows can update here, and Acrobat Pro Extended users on Windows can update here. Acrobat Pro users on Macintosh can also find the appropriate update here.