Adobe patches security issues in Flash and Shockwave players

Summary: New versions of the players fix critical vulnerabilities in each.

Adobe has released updates for the Flash Player and Shockwave Player to address vulnerabilities in the previous versions. In the case of the Flash vulnerability, Adobe says that there is an exploit available, but not whether it is being used in the wild.

The vulnerabilities in the old Flash Player are both critical and highest priority. The vulnerable versions are:

  • Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.327 and earlier versions for Linux
  • Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.9.0.1210 and earlier versions for Android
  • Adobe AIR 3.9.0.1210 SDK and earlier versions
  • Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions

Flash Player users on Windows and Mac should update to version 11.9.900.170. Flash Player users on Linux should update to version 11.2.202.332. The current version of Google Chrome (31.0.1650.63) already integrates the current version of Flash Player, as do the latest versions of Internet Explorer 10 and 11.

The vulnerabilities in Flash could cause the player to crash or execute remote code. Adobe says that they are "...aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists..." Adobe Flash Player has mitigated against this form of attack since version 11.6.

One of the Flash Player vulnerabilities is described in detail by its author, Attila Suszter of the Reversing on Windows blog.

The Shockwave Player vulnerabilities could also result in remote code execution. Shockwave Player 12.0.6.147 and earlier versions on Windows and Mac are vulnerable. The new, fixed version is 12.0.7.148.

The new Flash Player may be downloaded here.

The new Shockwave Player may be downloaded here.

Talkback

4 comments
  • Fakebook

    Since many people still use fakebook, operating systems and products like flash or java are no longer the main focus of security. It is sad that some people still use that crap and they don't have any idea about what they allow FB to use their personal information. And others say Google spies on us... yeah... just imagine Fake Book of Internet (FBI).
    OleMadrid
    • Bye Bye Flash

      I can't wait until Flash is gone for good.

      It's currently dropped to use on just 16% of websites and falling: http://w3techs.com/technologies/details/cp-flash/all/all
      timothyja
      • Bye Bye Flash (but not quite)

        Flash may not be completely gone for good as Flash is still used for advertising content though and will still be used for other things like courseware as well.
        rcm0502@...
        • Bye Bye Flash (but not quite)

          I don't need either.
          JTONLY