Patch/Configuration Management, Vulnerability Management

Critical Adobe Flash Player vulnerabilities addressed in Tuesday update


Critical vulnerabilities in Adobe Flash Player that could allow an attacker to take control of Windows, Macintosh and Linux systems were addressed by the company in a Tuesday update.

The impacted versions are Adobe Flash Player and earlier for Windows and Macintosh, and Adobe Flash Player and earlier for Linux.

Adobe AIR and earlier for Android, Adobe AIR SDK and earlier, and Adobe AIR SDK & Compiler and earlier received updates for lower priority vulnerabilities.

Two flaws were found through HP's Zero Day Initiative; a use-after-free, discovered by VUPEN, which could result in arbitrary code execution, and a buffer overflow, reported anonymously, that could also result in arbitrary code execution.

A security bypass vulnerability that could lead to information disclosure was discovered by Bas Venis, and a cross-site-scripting vulnerability was discovered by Masato Kinugawa.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.