Adobe Patches 18 Vulnerabilities in Flash


Adhit Prakosho


Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system running the multimedia platform, according to a security bulletin posted today.

The Patch Tuesday updates, available for Windows, Macintosh, and Linux machines, remedy vulnerabilities in several builds of Flash Player and AIR, Adobe’s run-time system.

The lion’s share of the vulnerabilities – 15 of the 18, a mix of use-after-free, double free, memory corruption, type confusion and buffer overflow vulnerabilities – could lead to code execution if left unpatched. Other vulnerabilities patched include issues that could trigger session tokens to be disclosed, and cause privilege escalation.

Researchers with Google Project Zero, the Chromium Rewards Project, Microsoft, and several other firms dug up the vulnerabilities.

Adobe is urging users running older versions of Flash Player (15.0.0.189 and earlier, 13.0.0.250 and earlier 13.x versions, 11.2.202.411 and earlier for Linux) and older versions of AIR (15.0.0.293 and earlier, SDK 15.0.0.302 and earlier, SDK & Compiler 15.0.0.302 and earlier, 15.0.0.293 and earlier for Android) to update as soon as possible.

In October, one week after Adobe pushed its last handful of patches for Flash, attackers began bundling one of the fixed vulnerabilities (CVE-2014-0569) into the Fiesta exploit kit. Independent malware researcher Kafeine wrote at the time that it was a “really fast integration” into an exploit kit and that whoever coded it must have reversed the patch in two days. It remains to be seen whether any of the 18 vulnerabilities that were fixed today are either currently being exploited in the wild or if they’ll eventually be incorporated into a future exploit kit.
 

Adhit Prakosho

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote.
 