Qualys Blog

www.qualys.com
wkandek

Update for Adobe Flash v11 and AIR v3

Just in time for Microsoft Patch Tuesday this week, Adobe has released a new version of its Flash v11 player for Windows, Mac OS X, Linux and Android. The update includes patches for 25 vulnerabilities that could each be used to gain remote code execution. While none of the vulnerabilities are in use in the wild as far as it is known, Adobe recommends installing the new version as fast as possible. At least on Windows, the priority rating is "1", meaning that a capable attacker would be able to analyze the patches and develop an exploit for one of the vulnerabilities in a few days.

All but one of the 25 vulnerabilities were discovered by the members of the Google Security Team; Instruder of vulnhunt.com discovered the remaining vulnerability.

By the way, Adobe Integrated Runtime (AIR) is also affected on Windows, Mac OS X and Android. Don’t forget to update if you have any of the numerous applications installed that use that software.

Users of Google Chrome and now also Internet Explorer 10/Windows 8 (see KB2755801) do not need to worry about the patch. Both browsers will update themselves with the new version of Flash automatically.

Leave a Reply