October 22, 2014

Adobe releases surprise update for Flash

(LiveHacking.Com) – Just one week after releasing a security update for its Flash Player, Adobe has now released a second security update and, unlike last week’s update, it also covers Android. The update for Adobe Flash Player brings the version number for Windows, Macintosh and Linux to 11.4.402.265, users of Adobe Flash Player 11.1.115.11 and earlier versions on Android 4.x devices can now upgrade to Adobe Flash Player 11.1.115.17. The updates fix multiple vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

There are six critical bug fixes in this release.  This means that, if exploited, these bugs  would allow malicious native-code to execute, potentially without a user being aware. The first four bugs are memory corruption vulnerabilities that could lead to code execution, the fifth is an integer overflow vulnerability and the last is a cross-domain information leak vulnerability.

The update has taken many IT managers and security experts by surprise. Adobe (in recent times) releases security updates for its products on the second Tuesday of the month. However it has also remained committed to being flexible when faced with a zero-day attack. Since this new release could be considered out-of-band (as last week’s update also covered Shockwave Player and Acrobat Reader), does Adobe know something about a zero day attack which hasn’t yet been published? Or was last weeks update the out-of-band release as the CVE-2012-1535 vulnerability was being exploited in the wild (via a malicious Word document) and this release is the normal monthly security update?

As a result of the updates Google has released a new version of the Chrome web browser.

AFFECTED SOFTWARE VERSIONS

  • Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux operating systems
  • Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x
  • Adobe AIR 3.3.0.3670 and earlier versions for Windows and Macintosh
  • Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) and earlier versions
  • Adobe AIR 3.3.0.3650 and earlier versions for Android
Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks