Another Flash Player Security Update

February 12, 2013

Adobe has once again released new versions of its Flash Player for Windows, Mac OS X, Android, and Linux systems.  According to Adobe’s Security Bulletin [APSB13-05], the updates address 17 identified security vulnerabilities in the software (the Security Bulletin gives the CVE identifiers for these).  An attacker exploiting any of these vulnerabilities could cause a crash, and potentially take control of the target system.

According to Adobe, the following versions of the software are affected:

  • Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh
  • Adobe Flash Player and earlier versions for Linux
  • Adobe Flash Player and earlier versions for Android 4.x
  • Adobe Flash Player and earlier versions for Android 3.x and 2.x
  • Adobe AIR and earlier versions
  • Adobe AIR SDK and earlier versions

For Mac OS X, Linux, or Windows systems, you can check the version of Flash Player that you are using by visiting Adobe’s About Flash Player page.

The new versions are 11.6.602.168 for Windows systems, 11.6.602.167 for Mac systems, and for Linux systems.  (Adobe is no longer providing new Linux versions of Flash Player, but it is still releasing security updates.)   The new version number for the Flash Player bundled with Google’s Chrome browser is 11.6.602.167.  Please see the Security Bulletin for information on Android versions.

Flash Player has always been an attractive target for the Bad Guys, because it is so widely installed across platforms.  Although I have not seen any reports of exploits “in the wild”, I do recommend that you update your systems as soon as you conveniently can.

Windows users who have the silent update option enabled should receive the new version automatically.  Windows or Mac OS X users can get the update using the update mechanism built into the software.  Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page.  Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser(s) they may use.

Microsoft Patch Tuesday, February 2013

February 12, 2013

As expected, Microsoft today released its regular monthly batch of security bulletins and associated patches.  This month there are twelve bulletins, addressing 57 identified vulnerabilities.  (An additional bulletin has been added since the preview announcement last Thursday.)  Five bulletins have a Critical severity rating, and seven are rated Important.   Ten of the bulletins are for Windows and its components; every supported version of Windows is affected.  All versions, except for the Server Core installation, have one or more Critical vulnerabilities.

There are also two bulletins that affect Microsoft server software: one, rated Critical, is for Exchange Server, and the other, rated Important, is for the FAST Search Server.

Microsoft says that seven of the Windows bulletins will definitely require a system restart.  The other bulletins may require one, depending on the system’s configuration.

For more detailed information, and download links, please see the Microsoft Security Bulletin Summary for February 2013.

As usual, I recommend applying these patches to your systems as soon as you conveniently can.

Update Tuesday, 12 February, 15:50 EST

The handlers at the SANS Internet Storm Center have posted their usual summary and evaluation of this month’s patches.
