In association with heise online

12 December 2012, 11:06

Adobe updates Flash Player and Cold Fusion

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe logo Adobe has released updates for Flash and AIR which include high priority fixes for Flash Player on Windows. The priority 1 for the flaw indicates that the vulnerabilities are being actively exploited in the wild. Three vulnerabilities are addressed including a buffer overflow, an integer overflow and a memory corruption problem, all of which can, Adobe says, lead to code execution. The Flash updates and their sources are detailed below:

Platform Version Source for update
Windows 11.5.502.135 Adobe
Mac OS X 11.5.502.136 Adobe
Linux Adobe
Android 4.x Automatically from Google Play (only for devices running Flash before 15 August 2012)
Android 3.x/2.x Automatically from Google Play (only for devices running Flash before 15 August 2012)
Google Chrome Google (Chrome automatically installs updates)
IE 10 (Windows 8 and Server 2012) 11.3.377.15 Windows Update

The updates for Flash Player also result in updates to Adobe's AIR, which includes the player; Adobe AIR and earlier is affected and should be updated to Adobe AIR on Windows and on Mac OS X, available from the download centre. AIR SDK users should update to Adobe AIR SDK on Windows or SDK on Mac OS X available from the SDK download centre. Updates for Android devices are available through Google Play or from the Amazon Marketplace.

Adobe also released a security hotfix for ColdFusion 10, rated as an important fix which is not currently being exploited in the wild. The fix is available for Windows, Mac OS X and UNIX. The vulnerability allowed for violations of the sandbox in shared hosting environments. Installation instructions for the Hotfix are available for ColdFusion 10, 9.0, 9.01 and 9.0.2.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit