Adobe Systems has issued security updates for Adobe Flash Player for Mac and Windows, updating Flash Player to version 22.214.171.124. The company also updated Flash Player for Linux to version 126.96.36.1995. These software updates mitigate vulnerabilities that could potentially allow an attacker to take control of the affected system.
Affected software versions include: Adobe Flash Player 188.8.131.52 and earlier versions, Adobe Flash Player 184.108.40.2068 and earlier 13.x versions, and Adobe Flash Player 220.127.116.114 and earlier versions for Linux.
For Adobe Flash users who have not yet updated to version 18.104.22.168, Adobe’s security bulletin (APSB14-27) offered the following warning:
“Adobe is aware of reports that an exploit for CVE-2014-9163 exists in the wild…”
Users who have updated to version 22.214.171.124 are not affected by CVE-2014-9163.
These security updates address the following vulnerabilities, as described below:
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0587, CVE-2014-9164).
- These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-8443).
- These updates resolve a stack-based buffer overflow vulnerability that could lead to code execution (CVE-2014-9163).
- These updates resolve an information disclosure vulnerability (CVE-2014-9162).
- These updates resolve a vulnerability that could be exploited to circumvent the same-origin policy (CVE-2014-0580).
Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 126.96.36.199 immediately. Users of Adobe Flash Player for Linux should update to Adobe Flash Player 188.8.131.525.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 184.108.40.206. Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 220.127.116.11.