Adobe patches Flash and zero-day Acrobat bugs

Adobe patches Flash and zero-day Acrobat bugs

Summary: A flaw in Adobe Acrobat and Reader for Windows is being exploited in the wild. Critical vulnerabilities affect all versions of Flash Player.

SHARE:
TOPICS: Security
0

Adobe has released updates to fix seven vulnerabilities in Flash Player and one vulnerability in Adobe Reader and Acrobat which, the company says, is being exploited in the wild "...in limited, isolated attacks targeting Adobe Reader users on Windows." The OS X versions of Acrobat and Reader are not affected.

Users may update Acrobat and Reader with the Help > Check for Updates menu option. Flash Player users may download the latest version from Adobe at this page. Users of Internet Explorer on Windows 8 and above and of Google Chrome will receive browser updates from those companies with fixed versions of their integrated Flash Player.

The lone vulnerability in Acrobat and Reader for Windows could allow an attacker to circumvent sandbox protection. Users of Adobe Reader 11.x for Windows should update to version 11.0.08. Users of Adobe Reader 10.x for Windows should update to version 10.1.11.

The vulnerability was reported to Adobe by Costin Raiu and Vitaly Kamluk of Kaspersky Labs. In a blog entry, Raiu says that the attacks are very rare, but that it's still important for everyone to patch as soon as possible.

The seven vulnerabilities in Flash affect version 14.0.0.145 and earlier for both Mac and Windows, including the versions integrated into Chrome and IE. The new version will be 14.0.0.176 in most cases. Google Chrome users will get 14.0.0.177 and the NPAPI plugin for Firefox will be version 14.0.0.179.

Flash Player 11.2.202.394 and earlier versions for Linux are vulnerable and users should update to 11.2.202.400.

As is always the case with Flash updates, Adobe AIR and the AIR SDK are also updated.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion