Adobe Systems has released new versions of Adobe Flash Player, Reader and Acrobat for Macintosh, Linux and Windows platforms. These software updates fix a combined 40 bugs, with 13 flaws resolved in Adobe Flash and 27 resolved in Adobe Reader and Acrobat.
Adobe’s Flash Player update fixes memory corruption vulnerabilities that could lead to code execution.
The newly released Flash Player versions are: Flash Player 11.7.700.202 for Windows and Macintosh, and Adobe Flash Player 188.8.131.525 for Linux.
The following flaws are resolved in the Adobe Flash Player update as described in the security advisory:
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, CVE-2013-3335).
Adobe Systems also released updates for Macintosh and Windows supported versions of Adobe Reader and Acrobat, resolving vulnerabilities “that could cause a crash and potentially allow an attacker to take control of the affected system,” the company said in its security advisory.
The newly released Adobe Reader versions are: Adobe Reader XI (11.0.03) for Windows and Macintosh, and Adobe Reader 9.5.5 for Linux.
The newly released Adobe Acrobat version is: Adobe Acrobat XI (11.0.03) for Windows and Macintosh.
The following vulnerabilities are fixed in the Adobe Reader and Acrobat security updates:
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341).
- These updates resolve an integer underflow vulnerability that could lead to code execution (CVE-2013-2549).
- These updates resolve a use-after-free vulnerability that could lead to a bypass of Adobe Reader’s sandbox protection (CVE-2013-2550).
- These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2013-2724).
- These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-2730, CVE-2013-2733).
- These updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-2727, CVE-2013-2729).
- These updates resolve a flaw in the way Reader handles domains that have been blacklisted in the operating system (CVE-2013-3342).
Users of Adobe Flash Player 11.7.700.169 and earlier versions for Mac and Windows should download and install the 17.1 MB update to Adobe Flash Player 11.7.700.202. Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.7.700.202 for Mac, Linux and Windows. Users of Adobe AIR 184.108.40.2060 and earlier versions for Windows and Mac should download and install the 26.2 MB update to Adobe AIR 220.127.116.110. The 76.7 MB update to Adobe Reader 11.0.03 can be downloaded using the full installer here. The 199 MB Adobe Acrobat 11.0.03 Pro update for Mac can be downloaded here.