In association with heise online

07 November 2012, 09:51

Security updates for Flash and Air

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Flash Logo Adobe has released new versions of its Flash Player to eliminate a number of critical vulnerabilities. The vulnerabilities are associated with several CVE numbers; CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280 are buffer overflows, CVE-2012-5279 is a memory corruption issue and CVE-2012-5278 is a security bypass; all of which are listed as potentially allowing an attacker to inject malicious code into the system. All the flaws were discovered by members of the Google Security Team.

The new versions of Flash for each platform are:

Plattform Version Source of the update
Windows and Mac OS X
11.5.502.110 Adobe
Linux Adobe

Android 4.x Automatically over Google Play (Only for devices that had Flash installed before 15 August 2012)
Android 3.x/2.x Automatically over Google Play (Only for devices that had Flash installed before 15 August 2012)
Google Chrome Google (Chrome automatically updates)
IE 10 (Windows 8 and Server 2012) 11.3.376.12 Windows Update / Microsoft

Google Chrome's embedded Flash Player is being updated in the process of updating Google Chrome to version 23, also released today. The automatic delivery of Flash Player for Windows 8 has apparently not started yet.

Users who are unsure of what version of Flash they are running can use the Adobe test page which will disclose the Flash version on all platforms. The Windows version of the player is the highest priority level, which suggests that there are exploits for its vulnerabilities in the wild and that updates should be installed as soon as possible.

Adobe also updated its AIR runtime which includes Flash Player and the associated development kits. Version is now the current version on all platforms.

Update (10:53) - Windows 8 updates are now being delivered to users.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit