Adobe Patches Flash Player, Reader

Not to be left out of this month’s “Patch Tuesday” festivities, Adobe has released security updates for its Reader, Acrobat, Flash Player, and AIR software.

The Security Bulletin [APSB14-01] for Acrobat and Reader applies only to the Windows and Mac OS X platforms.  Adobe says the affected software versions are:

• Adobe Reader XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
• Adobe Reader X (10.1.8) and earlier 10.x versions for Windows and Macintosh
• Adobe Acrobat XI (11.0.05) and earlier 11.x versions for Windows and Macintosh
• Adobe Acrobat X (10.1.8) and earlier 10.x versions for Windows and Macintosh

Adobe rates the severity of the vulnerabilities addressed by this bulletin as Critical.  You can obtain the new version using the software’s built-in update mechanism (Help / Check for Updates); alternatively, you can download Reader installation packages for all platforms here.

The Security Bulletin [APSB14-02] for Flash Player and AIR applies to all platforms (Windows, Linux, and Mac OS X).  Affected software versions are:

• Adobe Flash Player 11.9.900.170 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.332 and earlier versions for Linux
• Adobe AIR 3.9.0.1380 and earlier versions for Windows and Macintosh
• Adobe AIR 3.9.0.1380 and earlier versions for Android
• Adobe AIR 3.9.0.1380 SDK and earlier versions
• Adobe AIR 3.9.0.1380 SDK & Compiler and earlier versions

(You can check the version of Flash Player installed on your system by visiting Adobe’s About Flash Player page.)  Adobe says this is also a Critical vulnerability.  Users of Google’s Chrome browser, of of Microsoft’s Internet Explorer (Versions 10 and 11) should get the new (bundled) Flash Player automatically.   Others can obtain installation packages for all platforms from Adobe’s Flash Player Download Center.   Please see the Security Bulletin for information on AIR updates.

These Adobe packages have, historically, been popular targets for attackers, because they are widely installed across different platforms.  I recommend that you update you systems as soon as you conveniently can.

Adobe Updates Flash Player

Adobe has issued a new Security Bulletin [APSB13-28] for its Flash Player.  The fixes address two critical security vulnerabilities.  According to Adobe, the affected software versions are:

• Adobe Flash Player 11.9.900.152 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.327 and earlier versions for Linux
• Adobe AIR 3.9.0.1210 and earlier versions for Windows and Macintosh
• Adobe AIR 3.9.0.1210 and earlier versions for Android
• Adobe AIR 3.9.0.1210 SDK and earlier versions
• Adobe AIR 3.9.0.1210 SDK & Compiler and earlier versions

Note that Adobe’s AIR software is also affected.  You can check the version of Flash Player that you have, at any time, by visiting the Adobe “About Flash” page.

The new version of Flash Player for Windows and Mac OS X is 11.9.900.170; for Linux, the new version is 11.2.202.332.  Please see the Security Bulletin for information on Android versions.

Flash Player has always been a popular target for attackers, because it is so widely installed across different platforms.  There is some evidence that the vulnerabilities addressed by these fixes are being exploited; therefore I recommend that you update your system as soon as you conveniently can.

Users of Google’s Chrome browser, and of Internet Explorer 10 or 11 on Windows 8/8.1, should get the updated version automatically via the built-in update mechanism.  Other users can obtain the new version from the Flash Player Download page.

Adobe Updates Flash Player

This past week, Adobe issued a Security Bulletin  [APSB 13-16] and a new version of its Flash Player to address several potentially Critical security vulnerabilities.  This  bulletin affects all platforms; according to Adobe, the affected versions of the software are:

• Adobe Flash Player 11.7.700.202 and earlier versions for Windows
• Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh
• Adobe Flash Player 11.2.202.285  and earlier versions for Linux
• Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x
• Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh
• Adobe AIR 3.7.0.1860 and earlier versions for Android
• Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions

You can verify the version of Flash Player installed on your system by visiting the “About Flash Player” page at Adobe’s site.  (The page will also show you the current version numbers of Flash Player for all platforms.)  Updated versions of the player, for Windows, Mac, and Linux platforms, can be downloaded here.  For information on AIR and Android updates, please see the Security Bulletin.

The Flash player is one of the most commonly installed pieces of software on user computers.  Because it is so common, and because it is installed across multiple platforms, it is a very attractive target for the Bad Guys.  I strongly recommend updating your systems as soon as you conveniently can.

Flash Player Security Bulletin

Adobe has released a new Security Bulletin [APSB13-11] for its Flash Player software for all platforms, and for Adobe AIR.  The new patches address four identified security vulnerabilities; Adobe rates the security impact of this bulletin as Critical; these vulnerabilities might allow an attacker to take control of a vulnerable system.  According to Adobe, the affected versions of the software are:

• Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.275  and earlier versions for Linux
• Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x
• Adobe AIR 3.6.0.6090 and earlier versions for Windows, Macintosh and Android
• Adobe AIR 3.6.0.6090 SDK & Compiler and earlier versions

The new version of Flash Player for Windows and Mac OS X is 11.7.700.169; for Linux, it is 11.2.202.280.  Please see the Security Bulletin for information and update information for Android and AIR.  Google will presumably release a new version of its Chrome browser  to include an updated Flash Player.

Windows users who have the silent update option enabled should receive the new version automatically.  Windows or Mac OS X users can get the update using the update mechanism built into the software.  Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page.  Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser(s) you may use.

Flash Player has, historically, been an attractive attack target, because it is so widely installed across different platforms. I recommend updating your systems as soon as you conveniently can.

Flash Player Security Update

Not wanting, apparently, to be left out of the Patch Tuesday fun, Adobe has released a new Security Bulletin [APSB13-09] for its Flash Player for all platforms.  The updates address four identified security flaws that, if exploited, might lead to a system crash or remote code execution.  (One of these relates to handling of an integer overflow exception; the other three are good old-fashioned memory management errors.)  According to Adobe, the following versions of the software are affected:

• Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh
• Adobe Flash Player 11.2.202.273 and earlier versions for Linux
• Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x
• Adobe AIR 3.6.0.597 and earlier versions for Windows, Macintosh and Android
• Adobe AIR 3.6.0.597 SDK and earlier versions
• Adobe AIR 3.6.0.599 SDK & Compiler and earlier versions

The new version number for Mac OS X and Windows is 11.6.602.180; for Linux it is 11.2.202.275.  Please see the Security Bulletin for information and update information for Android and AIR.

Windows users who have the silent update option enabled should receive the new version automatically.  Windows or Mac OS X users can get the update using the update mechanism built into the software.  Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page.  Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser(s) you may use.

Flash Player has, historically, been an attractive attack target, because it is so widely installed across different platforms. I recommend updating your systems as soon as you conveniently can.

Security Updates for Flash Player

Adobe has released security updates for its Flash Player software that address a number of critical security vulnerabilities.  According to the Security Bulletin [APSB12-22], the affected versions of the software are:

• Adobe Flash Player 11.4.402.278 and earlier versions for Windows
• Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh
• Adobe Flash Player 11.2.202.238 and earlier versions for Linux
• Adobe Flash Player 11.1.115.17 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.16 and earlier versions for Android 3.x and 2.x

(The Adobe AIR software is also affected; please see the Security Bulletin for details.)  Adobe has identified 25 vulnerabilities fixed in this release.  Of these, 14 involve buffer overflows, and 11 involve memory corruption bugs.

The updated software has the following new version numbers:

• Windows and Mac OS X:  11.4.402.287
• Linux: 11.2.202.243
• Android 4.x: 11.1.115.20
• Android 2.x, 3.x: 11.1.111.119

Google will presumably release a new version of the Chrome browser to update the bundled Flash Player.  For new AIR version numbers, please see the Security Bulletin.

Because Flash Player is so widely installed across different platforms, it is a tempting target; I recommend that you update your systems as soon as you conveniently can.  Windows and Mac users can get the new version using the update mechanism built into the product; alternatively, you can get the new version from the Flash Player download center.  Windows users should remember that they may need two updates: one for the Internet Explorer plugin, and one for any other browsers they may have.