X
Tech

Adobe patches zero-day Flash flaw

Three vulnerabilities, including one being exploited in the wild, are fixed in another emergency update of the Flash Player from Adobe.
Written by Larry Seltzer, Contributor
get.adobe.com.flash
Click on image to install current version of Adobe Flash Player

Adobe has released critical updates for Flash Player on Windows, Mac and Linux. Versions 12.0.0.44 and earlier for Windows and Macintosh and versions 11.2.202.336 and earlier versions for Linux are vulnerable to up to three vulnerabilities.

One of these, CVE-2014-0502, is being exploited in the wild. Click here for more detail on how the attack was found by security firm Fireeye and how it behaves.

The new version of Adobe Flash Player on Windows and Mac is 12.0.0.70. The new version for Linux is 11.2.202.341. A Google Chrome update to version 33.0.1750.117 today includes the fixed Flash plugin bundled with that product. Microsoft has released an update for Windows 8.0 and 8.1 for the bundled Flash Player plugin in Internet Explorer 10 and 11.

Users may obtain the newest version of Adobe Flash Player from Adobe at get.adobe.com/flashplayer. Do not trust Flash Player installations or patches from any other source.

In addition to the zero-day flaw reported by Fireeye and the Google Security Team, two other vulnerabilities (CVE-2014-0498 and CVE-2014-0499) were reported to Adobe by Wen Guanxing of Venustech.

Editorial standards