Adobe patches Flash zero day

Summary:[UPDATED] A vulnerability in Flash Player for Windows, Mac and Linux is being exploited in the wild. An update is available from Adobe (and Google and Microsoft for their browsers).

Adobe has released new versions of Flash Player for Windows, Mac and Linux, to address a vulnerability that is being exploited in the wild.

Flash.Player
Click on image to install current version of Adobe Flash Player

The vulnerable versions are 13.0.0.182 and earlier versions for Windows; 13.0.0.201 and earlier versions for Macintosh; and 11.2.202.350 and earlier versions for Linux. These same versions embedded in Internet Explorer 10 and 11 and in Google Chrome will be updated automatically through those products' update mechanisms.

[UPDATE: Microsoft has released their update to versions of IE that have Flash embedded. It is the 23rd such update since the company began embeddeding Flash in IE in September 2012. As is usually the case, by the time Adobe released their update, Google had already pushed out an update to Chrome with it.]

The new versions are 13.0.0.206 for Windows and Mac and 11.2.202.356 for Linux.

This attack and update are unrelated to the zero day IE vulnerability just disclosed , the attack for which uses a Flash .SWF file as an attack vector. In that case no vulnerability has been indicated in Flash itself.

The vulnerability, which will be designated CVE-2014-0515, was reported to Google by Alexander Polyakov of Kaspersky Labs.

Topics: Security

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.