Adobe’s Flash Player update fixes memory corruption vulnerabilities that could lead to code execution.
The newly released Flash Player versions are: Flash Player 11.7.700.202 for Windows and Macintosh, and Adobe Flash Player 11.2.202.285 for Linux.
The following flaws are resolved in the Adobe Flash Player update as described in the security advisory:
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335).
Adobe Systems also released updates for Macintosh and Windows supported versions of Adobe Reader and Acrobat, resolving vulnerabilities “that could cause a crash and potentially allow an attacker to take control of the affected system,” the company said in its security advisory.
The newly released Adobe Reader versions are: Adobe Reader XI (11.0.03) for Windows and Macintosh, and Adobe Reader 9.5.5 for Linux.
The newly released Adobe Acrobat version is: Adobe Acrobat XI (11.0.03) for Windows and Macintosh.
Following are details describing the vulnerabilities fixed in the Adobe Reader and Acrobat security updates:
Users of Adobe Flash Player 11.7.700.169 and earlier versions for Mac and Windows should download and install the 17.1 MB update to Adobe Flash Player 11.7.700.202. Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.202 for Mac, Linux and Windows. Users of Adobe AIR 3.7.0.1530 and earlier versions for Windows and Mac should download and install the 26.2 MB update to Adobe AIR 3.7.0.1860. The 76.7 MB update to Adobe Reader 11.0.03 can be downloaded using the full installer here. The 199 MB Adobe Acrobat 11.0.03 Pro update for Mac can be downloaded here.