Adobe has released a new version of Adobe Flash Player, updating its software to version 11.6.602.180 for Mac OS X. The 16.1 MB software update is available for download and resolves four critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe advises all users of Adobe Flash Player 11.6.602.171 and earlier versions for Macintosh (and Windows) to update their software to the newest version, 11.6.602.180.
From Adobe’s security bulletin (APSB13-09), the following details describe the four flaws resolved in this update:
- These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2013-0646).
- These updates resolve a use-after-free vulnerability that could be exploited to execute arbitrary code (CVE-2013-0650).
- These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2013-1371).
- These updates resolve a heap buffer overflow vulnerability that could lead to code execution (CVE-2013-1375).
Users of Adobe Flash Player 11.6.602.171 and earlier versions for Mac OS X should update to Adobe Flash Player 11.6.602.180. Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.6.602.180 for Windows, Macintosh and Linux. Note that for users of Flash Player 10.3.183.67 and earlier versions for Windows and Macintosh who cannot update to Flash Player 11.6.602.180, Adobe has made available the update Flash Player 10.3.183.68.