Adobe issues patches for 11 critical vulnerabilities in Flash Player

Adobe's latest security update includes patches for vulnerabilities which allow remote code execution.

screen-shot-2015-03-13-at-12-35-17.png

Adobe has issued patches for security vulnerabilities in Flash Player -- 11 of which are deemed critical.

On Thursday, Adobe issued its latest set of security updates for the Adobe Flash Player. The updates for Windows, Mac and Linux users address "vulnerabilities that could potentially allow an attacker to take control of the affected system," according to the software giant.

The security update fixes issues affecting Adobe Flash Player desktop runtime for Windows and Mac, the Adobe Flash Player Extended Support Release, Adobe Flash Player for Linux and Flash Player installed with IE and Google Chrome.

The patches solve memory corruption vulnerabilities and type confusion vulnerabilities which could lead to remote code execution, vulnerabilities which could cause the bypass of cross-domain policies, as well as security issues which allow the circumvention of file upload restriction. In addition, other updates fix an integer overflow vulnerability and use-after-free vulnerabilities which could lead to remote code execution.

Adobe recommends that users update their products to the latest versions. Windows and Mac users of the Adobe Flash Player desktop runtime should update to Adobe Flash Player 17.0.0.134, users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.277, and users of the Adobe Flash Player for Linux need to update to Adobe Flash Player 11.2.202.451.

Google Chrome users with Flash Player enabled, as well as users of Internet Explorer on Windows 8.x with the software will see an automatic update to version 17.0.0.134.

Adobe Flash Player version 16.0.0.305 and previous versions, as well as 13.0.0.269, 11.2.202.442 and both earlier 11.x and 13.x are affected by the latest security patch.

Within the security bulletin, Adobe has given credit to Google Project Zero researchers, Intel Labs and McAfee Labs, HP's Zero Day Initiative team, the NCC Group and the Chromium vulnerability reward program.

On Tuesday, Microsoft released over a dozen security updates which fix security issues related to Internet Explorer, older versions of Windows, Microsoft Text Services flaws and Microsoft Office vulnerabilities, among others.

Read on: In the world of security

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All