Adobe patches Flash Player

A dozen vulnerabilities mean new versions of Flash Player and AIR on all platforms, including iOS and Android.

Adobe has released new versions of Flash Player and Air for all platforms. The updates address 12 vulnerabilities in the products, some of them rated critical.

The vulnerable versions of Flash Player for Windows and Mac are 14.0.0.179 and earlier and 13.0.0.241 and earlier. Adobe Flash Player for Internet Explorer 10 and Internet Explorer 11 versions 14.0.0.176 and earlier and Adobe Flash Player for Google Chrome versions 14.0.0.177 and earlier are vulnerable. Adobe Flash Player 11.2.202.400 for Linux is also vulnerable, but the vulnerabilities are not rated critical on that version.

The Adobe AIR SDK, compiler and runtimes versions 14.0.0.178 and 14.0.0.179 on all platforms, including iOS and Android, are vulnerable.

Users may get updates to Flash Player from Adobe at this site and for AIR at this site. Never get Adobe updates from any site other than adobe.com.

The new versions are 15.0.0.152 for Windows and Mac and 13.0.0.244 for the Adobe Flash Player Extended Support Release. The new Linux version is 11.2.202.406. The new version of the Adobe AIR desktop runtime, SDK and SDK and Compiler 15.0.0.249. The new version of Adobe AIR for Android 15.0.0.252.

To fix the integrated Flash Players in them, Google will likely release updated Chrome versions today, and Microsoft will likely release updates to Internet Explorer as part of the general Patch Tuesday release.

The vulnerabilities included memory leakage that could be used to bypass memory address randomization, security bypass, use-after-free, memory corruption, same origin policy bypass and a heap buffer overflow.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All