Adobe Updates Flash Player, Patches 18 Vulnerabilities
Posted on
by
Derek Erwin
Adobe Systems has issued patches for vulnerabilities in Adobe Flash Player for Mac and Windows, releasing version 15.0.0.223. These updates address a combined 18 vulnerabilities that “could potentially allow an attacker to take control of the affected system,” according to Adobe’s security bulletin.
Affected software versions include: Adobe Flash Player 15.0.0.189 and earlier versions, Adobe Flash Player 13.0.0.250 and earlier 13.x versions, Adobe Flash Player 11.2.202.411 and earlier versions for Linux, Adobe AIR desktop runtime 15.0.0.293 and earlier versions, Adobe AIR SDK 15.0.0.302 and earlier versions, and Adobe AIR 15.0.0.293 and earlier versions for Android.
The vulnerability patched in these updates are described as follows:
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0576, CVE-2014-0581, CVE-2014-8440, CVE-2014-8441).
- These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2014-0573, CVE-2014-0588, CVE-2014-8438).
- These updates resolve a double free vulnerability that could lead to code execution (CVE-2014-0574).
- These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2014-0577, CVE-2014-0584, CVE-2014-0585, CVE-2014-0586, CVE-2014-0590).
- These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2014-0582, CVE-2014-0589).
- These updates resolve an information disclosure vulnerability that could be exploited to disclose session tokens (CVE-2014-8437).
- These updates resolve a heap buffer overflow vulnerability that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-0583).
- These updates resolve a permission issue that could be exploited to perform privilege escalation from low to medium integrity level (CVE-2014-8442).
Users of Adobe Flash Player for Windows and Macintosh should update to Adobe Flash Player 15.0.0.223 (14.9 MB). Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.418.
Adobe Flash Player installed with Google Chrome, as well as Internet Explorer for Windows 8.x will be automatically updated to the current version. Users of Adobe AIR desktop runtime and for Android should update to version 15.0.0.356 (29.8 MB).