Patch/Configuration Management, Vulnerability Management

Critical Adobe Flash Player vulnerabilities addressed in Tuesday update

Critical vulnerabilities in Adobe Flash Player that could allow an attacker to take control of Windows, Macintosh and Linux systems were addressed by the company in a Tuesday update.

The impacted versions are Adobe Flash Player 12.0.0.77 and earlier for Windows and Macintosh, and Adobe Flash Player 11.2.202.346 and earlier for Linux.

Adobe AIR 4.0.0.1628 and earlier for Android, Adobe AIR 4.0.0.1628 SDK and earlier, and Adobe AIR 4.0.0.1628 SDK & Compiler and earlier received updates for lower priority vulnerabilities.

Two flaws were found through HP's Zero Day Initiative; a use-after-free, discovered by VUPEN, which could result in arbitrary code execution, and a buffer overflow, reported anonymously, that could also result in arbitrary code execution.

A security bypass vulnerability that could lead to information disclosure was discovered by Bas Venis, and a cross-site-scripting vulnerability was discovered by Masato Kinugawa.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.