Patch/Configuration Management, Vulnerability Management

Adobe doles out Flash security fixes, Microsoft follows


Adobe on Monday delivered a surprise batch of patches to correct 25 vulnerabilities, rated "critical," in its flagship Flash technology.

Despite the unexpected release, none of the flaws are being exploited in the wild, but Adobe, in a bulletin, suggested that Windows users running Flash should be the first to act on the update.

According to the company, Flash for Windows and Mac users should upgrade to version 11.4.402.287; Flash for Linux users should update to version; and users of Flash for Android should either install version or, depending on the version of the mobile operating system that they are running.

For users of Flash installed on Chrome, no action will be necessary as Google will automatically update them with the latest version of the popular software.

Meanwhile, Microsoft on Monday released corresponding patches for the 25 vulnerabilities, according to an advisory. The update addresses Flash in Internet Explorer (IE) 10, running on Windows 8 and Windows Server 2012. Microsoft was required to deliver these fixes in addition to Adobe because Flash is bundled in IE 10 and is not installed by users as a separate plug-in.

Windows 8 is due out later this month.

It's unclear why Adobe issued the patches when they did -- one day before Microsoft's scheduled Patch Tuesday updates -- but according to reports, it might be due to the Pwnium bug-finding competition, scheduled to take place Wednesday at the Hack in the Box conference in Malaysia, where millions of dollars of prizes are at stake.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.