07 November 2012, 09:51

Security updates for Flash and Air

Flash Logo Adobe has released new versions of its Flash Player to eliminate a number of critical vulnerabilities. The vulnerabilities are associated with several CVE numbers; CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280 are buffer overflows, CVE-2012-5279 is a memory corruption issue and CVE-2012-5278 is a security bypass; all of which are listed as potentially allowing an attacker to inject malicious code into the system. All the flaws were discovered by members of the Google Security Team.

The new versions of Flash for each platform are:

Plattform	Version	Source of the update
Windows and Mac OS X	11.5.502.110	Adobe
Linux	11.2.202.251	Adobe
Android 4.x	11.1.115.27	Automatically over Google Play (Only for devices that had Flash installed before 15 August 2012)
Android 3.x/2.x	11.1.111.24	Automatically over Google Play (Only for devices that had Flash installed before 15 August 2012)
Google Chrome	11.5.31.2	Google (Chrome automatically updates)
IE 10 (Windows 8 and Server 2012)	11.3.376.12	Windows Update / Microsoft

Google Chrome's embedded Flash Player is being updated in the process of updating Google Chrome to version 23, also released today. The automatic delivery of Flash Player for Windows 8 has apparently not started yet.

Users who are unsure of what version of Flash they are running can use the Adobe test page which will disclose the Flash version on all platforms. The Windows version of the player is the highest priority level, which suggests that there are exploits for its vulnerabilities in the wild and that updates should be installed as soon as possible.

Adobe also updated its AIR runtime which includes Flash Player and the associated development kits. Version 3.5.0.600 is now the current version on all platforms.

Update (10:53) - Windows 8 updates are now being delivered to users.

(djwm)

« previous | next »

Print Version | Send by email | Permalink: http://h-online.com/-1744946