Adobe releases patches for Flash Player and Shockwave Player

The new updates address 19 critical vulnerabilities

Adobe released security updates for Flash Player and Shockwave Player on Tuesday in order to address a total of 19 vulnerabilities affecting the two products.

New stand-alone versions of Flash Player 11 were released for Windows, Mac, Linux and Android. The Flash Player plug-ins bundled with Google Chrome and Internet Explorer 10 will be automatically updated through the update mechanisms of the two browsers.

The new Flash Player versions patch 17 vulnerabilities, 16 of which are critical and can result in remote code execution. These vulnerabilities "could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security advisory. The other vulnerability could result in information disclosure.

New versions of Flash Player 10 have also been released for Windows, Mac and Linux in order to accommodate users who, for whatever reason, cannot upgrade to Flash Player 11.

Adobe AIR, a cross-platform runtime system for rich Internet applications, and the Adobe AIR SDK (Software Development Kit) have also received updates because they bundle Flash Player.

Adobe has a list of the new Flash Player and Adobe AIR version numbers for each specific platform in the "Solution" section of its APSB13-05 security advisory.

Adobe Shockwave Player, which is required for displaying some online content such as 3D games, product demonstrations, simulations and e-learning courses created with Adobe's Director software, has been updated to version 12.0.0.112 for the Windows and Mac platforms. The new version addresses two critical vulnerabilities that could allow attackers to run malicious code on the underlying systems.

Shockwave Player is not as popular as Flash Player, but according to Adobe, it still has a user base of more than 450 million.

The patches released Tuesday follow Adobe's new security update cycle. Back in November, the company announced that it will align its releases of Flash Player security updates with Microsoft's Patch Tuesday schedule, which sees security patches released on the second Tuesday of every month.

However, Adobe was forced to break out of this schedule last Thursday when it released an emergency update for Flash Player in order to address two actively exploited vulnerabilities.

Adobe is not aware of any exploits or attacks in the wild that target any of the issues addressed in the new Flash Player or Shockwave Player updates, said Heather Edell, senior manager of corporate communications at Adobe, in an email message on Tuesday.

Tags: patches, online safety, security, Adobe Systems, Exploits / vulnerabilities

Turkey’s ISPs hijack Google’s DNS service, killing bypass for Twitter, YouTube ban

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Authentication

RSA offers a wide range of strong two-factor authentication solutions to help organizations assure user identities and meet compliance requirements.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.