Adobe plugs critical Flash Player vulnerabilities

Adobe has released fixes for seven critical bugs in its Flash Player plug-in.

On Tuesday, the company published a security bulletin detailing the vulnerabilities, which could potentially allow an attacker to take over vulnerable systems, Adobe said. Five bugs were memory leakage vulnerabilities which saboteurs could exploit to bypass memory address randomization.

The update also patched a security bypass flaw and a use-after-free vulnerability that could lead to code execution, the bulletin said. The release was for Adobe Flash Player 140.0.0.145 and earlier on Windows and Macintosh platforms, and for Flash Player 11.2.202.394 and earlier versions for Linux.

Adobe acknowledged researchers from Google Project Zero and HP's Zero Day Initiative for reporting the memory leakage vulnerabilities and helping to resolve the issue. Wen Guanxing of Venustech Adlab and Soroush Dalili of NCC Group disclosed information on the remaining bugs, the company said.

UPDATE: On Tuesday, Adobe also patched a critical vulnerability (CVE-2014-0546) affecting Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows. According to the company, the sandbox bypass vulnerability had already been leveraged to carry out zero-day attacks in "limited, isolated" instances against Adobe Reader users. The bug could be exploited to run native code with escalated privileges on Windows, a security bulletin said.