Adobe Fixes Flash Player

September 11, 2013

Adobe Systems has released a new version of its Flash Player for all platforms: Windows, Mac OS X, Linux, and Android.  The new version fixes four serious security vulnerabilities identified in Adobe’s Security Bulletin [APSB13-21]; the affected versions of the Flash Player software are:

  • Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.297 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.69 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.64 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.8.0.870 and earlier versions for Windows and Android
  • Adobe AIR 3.8.0.910 and earlier versions for Macintosh
  • Adobe AIR 3.8.0.870 SDK & Compiler and earlier versions for Windows
  • Adobe AIR 3.8.0.910 SDK & Compiler and earlier versions for Macintosh

Further details are given in the Security Bulletin.

Windows, Linux, and Mac OS X users can get the new release from Adobe’s download page.  For Windows and Mac OS X, the new version is 11.8.800.168; the new version for Linux is 11.2.202.310.  (Windows users should note that they may require two updates: one for Internet Explorer, and one for all other browsers.) Details of the new Android versions are given in the Security Bulletin.

The Flash Player bundled with Google’s Chrome browser should be updated automatically to version 11.8.800.170, according to a post on the “Chrome Releases” blog.

Windows, Linux, and Mac OS X  users can check the version of Flash Player installed on their systems by visiting Adobe’s About Flash Player page.


Adobe Updates Flash Player

June 16, 2013

This past week, Adobe issued a Security Bulletin  [APSB 13-16] and a new version of its Flash Player to address several potentially Critical security vulnerabilities.  This  bulletin affects all platforms; according to Adobe, the affected versions of the software are:

  • Adobe Flash Player 11.7.700.202 and earlier versions for Windows
  • Adobe Flash Player 11.7.700.203 and earlier versions for Macintosh
  • Adobe Flash Player 11.2.202.285  and earlier versions for Linux
  • Adobe Flash Player 11.1.115.58 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.54 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1860 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1860 and earlier versions for Android
  • Adobe AIR 3.7.0.1860 SDK & Compiler and earlier versions

You can verify the version of Flash Player installed on your system by visiting the “About Flash Player” page at Adobe’s site.  (The page will also show you the current version numbers of Flash Player for all platforms.)  Updated versions of the player, for Windows, Mac, and Linux platforms, can be downloaded here.  For information on AIR and Android updates, please see the Security Bulletin.

The Flash player is one of the most commonly installed pieces of software on user computers.  Because it is so common, and because it is installed across multiple platforms, it is a very attractive target for the Bad Guys.  I strongly recommend updating your systems as soon as you conveniently can.


Critical Updates for Adobe Reader, Acrobat — and Flash

May 14, 2013

As expected, Adobe has released new versions of its Acrobat and Reader software, incorporating critical security updates.  There is also a critical update for Flash Player, though this was not included in the preview announcement.

The updates for Reader and Acrobat address a total of 27 identified vulnerabilities. According to the Security Bulletin [APSB 13-15], the vulnerable versions of Acrobat and Reader are:

  • Adobe Reader XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
  • Adobe Reader X (10.1.6) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.5.4 and earlier 9.x versions for Windows, Macintosh and Linux
  • Adobe Acrobat XI (11.0.02) and earlier 11.x versions for Windows and Macintosh
  • Adobe Acrobat X (10.1.6) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.5.4 and earlier 9.x versions for Windows and Macintosh

The Security Bulletin lists the appropriate new versions for these. Users of Reader or Acrobat on Windows or Mac OS X can get the new version via the update mechanism built into the software, which is set to check for updates automatically by default; to initiate a check manually, choose Help / Check for Updates from the product menu. Alternatively, you can download appropriate Reader updates from these links:

Please see the Security Bulletin for Acrobat update downloads, and for further details.

As noted above, Adobe has also released Critical updates for Flash Player; according to the Security Bulletin [ASPB 13-14], these fixes address 13 identified vulnerabilities. Affected versions of the software are:

  • Adobe Flash Player 11.7.700.169 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.280 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.54 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.50 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.7.0.1530 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.7.0.1660 and earlier versions for Android
  • Adobe AIR 3.7.0.1530 SDK & Compiler and earlier versions

Users on Windows or Mac OS X systems should received the update automatically, if they have enabled the option “Allow Adobe to install updates”. Otherwise, they can obtain the new version from the Flash Player Download Center, as can Linux users. Please see the Security Bulletin for Android updates. Google Chrome ships with its own version of Flash Player, and I would expect a new version of Chrome, incorporating these updates, to appear “real soon now”. I’ll update this post when it’s available.

Because they are so widely installed across platforms, Reader and Flash Player have been tempting targets for the Bad Guys. I suggest that you update your systems as soon as you conveniently can.

Update Tuesday, 14 May, 13:05 EDT

According to a post on the Chrome Releases blog, Google is now pushing Flash Player updates for the Windows and Mac versions of Chrome.  (Mea culpa: I had forgotten that they had added to capability to update things like Flash without doing a whole new version.)


Flash Player Security Bulletin

April 9, 2013

Adobe has released a new Security Bulletin [APSB13-11] for its Flash Player software for all platforms, and for Adobe AIR.  The new patches address four identified security vulnerabilities; Adobe rates the security impact of this bulletin as Critical; these vulnerabilities might allow an attacker to take control of a vulnerable system.  According to Adobe, the affected versions of the software are:

  • Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.275  and earlier versions for Linux
  • Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.6.0.6090 and earlier versions for Windows, Macintosh and Android
  • Adobe AIR 3.6.0.6090 SDK & Compiler and earlier versions

The new version of Flash Player for Windows and Mac OS X is 11.7.700.169; for Linux, it is 11.2.202.280.  Please see the Security Bulletin for information and update information for Android and AIR.  Google will presumably release a new version of its Chrome browser  to include an updated Flash Player.

Windows users who have the silent update option enabled should receive the new version automatically.  Windows or Mac OS X users can get the update using the update mechanism built into the software.  Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page.  Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser(s) you may use.

Flash Player has, historically, been an attractive attack target, because it is so widely installed across different platforms. I recommend updating your systems as soon as you conveniently can.


Flash Player Security Update

March 12, 2013

Not wanting, apparently, to be left out of the Patch Tuesday fun, Adobe has released a new Security Bulletin [APSB13-09] for its Flash Player for all platforms.  The updates address four identified security flaws that, if exploited, might lead to a system crash or remote code execution.  (One of these relates to handling of an integer overflow exception; the other three are good old-fashioned memory management errors.)  According to Adobe, the following versions of the software are affected:

  • Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.273 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.6.0.597 and earlier versions for Windows, Macintosh and Android
  • Adobe AIR 3.6.0.597 SDK and earlier versions
  • Adobe AIR 3.6.0.599 SDK & Compiler and earlier versions

The new version number for Mac OS X and Windows is 11.6.602.180; for Linux it is 11.2.202.275.  Please see the Security Bulletin for information and update information for Android and AIR.

Windows users who have the silent update option enabled should receive the new version automatically.  Windows or Mac OS X users can get the update using the update mechanism built into the software.  Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page.  Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser(s) you may use.

Flash Player has, historically, been an attractive attack target, because it is so widely installed across different platforms. I recommend updating your systems as soon as you conveniently can.


Another Flash Player Security Update

February 12, 2013

Adobe has once again released new versions of its Flash Player for Windows, Mac OS X, Android, and Linux systems.  According to Adobe’s Security Bulletin [APSB13-05], the updates address 17 identified security vulnerabilities in the software (the Security Bulletin gives the CVE identifiers for these).  An attacker exploiting any of these vulnerabilities could cause a crash, and potentially take control of the target system,

According to Adobe, the following versions of the software are affected:

  • Adobe Flash Player 11.5.502.149 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.262 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.37 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.32 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.5.0.1060 and earlier versions
  • Adobe AIR 3.5.0.1060 SDK and earlier versions

For Mac OS X, Linux, or Windows systems, you can check the version of Flash Player that you are using by visiting Adobe’s About Flash Player page.

The new versions are 11.6.602.168 for Windows systems, 11.6.602.167 for Mac systems, and 11.2.202.270 for Linux systems.  (Adobe is no longer providing new Linux versions of Flash Player, but it is still releasing security updates.)   The new version number for the Flash Player bundled with Google’s Chrome browser is 11.6.602.167.  Please see the Security Bulletin for information on Android versions.

Flash Player has always been an attractive target for the Bad Guys, because it is so widely installed across platforms.  Although I have not seen any reports of exploits “in the wild”, I do recommend that you update your systems as soon as you conveniently can.

Windows users who have the silent update option enabled should receive the new version automatically.  Windows or Mac OS X users can get the update using the update mechanism built into the software.  Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page.  Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser(s) you may use.


Adobe Flash Player Security Update

February 7, 2013

Adobe today released new versions of its Flash Player for Windows, Mac OS X, Android, and Linux systems.  According to Adobe’s Security Bulletin [APSB13-04], the updates address two critical vulnerabilities in the software.  (The vulnerabilities are identified as CVE-2013-0633 and CVE-2013-0634.)   An attacker exploiting either of these vulnerabilities could cause a crash, and potentially take control of the target system,

There are reports that both of these vulnerabilities are being exploited “in the wild”, via malicious Web sites and E-mail attachments.

The following versions of the software are affected:

  • Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.261 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x

For Mac OS X, Linux, or Windows systems, you can check the version of Flash Player that you are using by visiting Adobe’s About Flash Player page.

The new versions are 11.5.502.149, for Windows and Mac systems, and 11.2.202.262 for Linux systems.  (Adobe is no longer providing new Linux versions of Flash Player, but it is still releasing security updates.)   Please see the Security Bulletin for information on Android versions.

Flash Player has always been an attractive target for the Bad Guys, because it is so widely installed across platforms.  Although I have not seen any reports of exploits “in the wild”, I do recommend that you update your systems as soon as you conveniently can.

Windows users who have the silent update option enabled should receive the new version automatically.  Windows or Mac OS X users can get the update using the update mechanism built into the software.  Alternatively, the new version for Windows, Linux, and Mac OS X is available from Adobe’s download page.  Windows users should remember that they may need two updates: one for Internet Explorer, and one for any other browser(s) you may use.

Google’s Chrome browser comes with a bundled version of Flash Player.  Although I have not yet seen a release announcement from Google, I expect that we will get a new version of Chrome fairly soon.  I’ll post a note when I see the announcement.


%d bloggers like this: