Bugs & Fixes: With exploit roaming in the wild, Adobe updates Flash and Air

Anything that makes Flash safer is good. In this case, a known exploit makes the update well worth your time.

You don't want some evildoer to take over your system remotely, and neither does Adobe. Citing this potential vulnerability, Adobe patched its Flash Player to 12.0.0.7--and version 11 to 11.7.700.269 (Windows and Macintosh), and 11.2.202.341 (Linux).

This is an update well worth doing. Adobe identifies each specific vulnerability by a Common Vulnerabilities and Exposures (CVE) number: for instance, this update addresses CVE-2014-0498, describing a remote execution vulnerability, and CVE-2014-0499, which covers some unsecured code addresses.

But the third one's the kicker: CVE-2014-0502 involves a bizarre situation where the same memory is being freed twice, possibly leading to a buffer overflow. You may wonder what this has to do with anything, but Adobe is "aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations."


Stories by Jon L. Jacobi
