Bugs & Fixes: With exploit roaming in the wild, Adobe updates Flash and Air

Anything that makes Flash safer is good. In this case, a known exploit makes the update well worth your time.

You don't want some evildoer to take over your system remotely, and neither does Adobe. Citing this potential vulnerability, Adobe patched its Flash Player to version 11 to 11.7.700.269 (Windows and Macintosh), and (Linux).

This is an update well worth doing. Adobe identifies each specific vulnerabilty by a Common Vulnerabilities and Exposure numbers: For instance, this update addresses CVE-2014-0498, describing a remote execution vulnerability, and CVE-2014-0499, which covers some unsecured code addresses.

But the third one's the kicker: CVE-2014-0502 involves a bizarre situation where the same memory is being freed twice, possibly leading to a buffer overflow. You may wonder what this has to do with anything, but Adobe is "aware of reports that an exploit for CVE-2014-0502 exists in the wild, and recommends users update their product installations."

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags malwareadobeflash

More about Adobe SystemsExposureLinux

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jon L. Jacobi

Latest Videos

More videos

Blog Posts