Adobe patches critical vulnerabilities in Flash Player, Reader and Acrobat

One vulnerability was fixed in Flash Player and 27 in Adobe Reader and Acrobat

Adobe Systems released new versions of Flash Player, Adobe Reader and Adobe Acrobat on Tuesday in order to address a total of 28 critical security vulnerabilities in the software products.

The newly released Flash Player versions are: Flash Player 11.5.502.146 for Windows and Mac, Flash Player 11.2.202.261 for Linux, Flash Player 11.1.115.36 for Android 4.x and Flash Player 11.1.111.31 for Android 3.x and earlier versions.

"These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security advisory.

The Flash Player plug-ins that come bundled with Google Chrome and Internet Explorer 10 for Windows 8 will automatically be updated by Google and Microsoft through their respective update mechanisms.

The company also released version 3.5.0.1060 of its Adobe AIR Internet application runtime system, because the software includes Flash Player and was vulnerable to the same vulnerability.

Adobe also released updates for all supported editions of Adobe Reader and Acrobat in order to fix 27 vulnerabilities found in the products. With the exception of three vulnerabilities -- a privilege escalation and two security bypasses -- all other flaws could potentially be exploited to execute arbitrary code.

Users of Adobe Reader and Acrobat XI (11.x) should upgrade to the newly released Adobe Reader and Acrobat version 11.0.1, users of Adobe Reader and Acrobat X (10.x) should upgrade to version 10.1.5, and users of the older Adobe Reader and Acrobat 9.x should upgrade to version 9.5.3, the company said in a security advisory.

"Adobe is not aware of any exploits or attacks in the wild targeting any of the issues addressed in these updates," Wiebke Lips, Adobe's senior manager for corporate communications, said via email.

Tags patchesGoogleAdobe SystemssecurityMicrosoftsoftware

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

SECURE Web Gateway

Balancing the requirement for strong network security with the need to harness collaborative web technologies is essential for business growth.

Latest Jobs
Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.