Adobe Systems has issued security updates for Adobe Flash Player for Mac and Windows, updating Flash Player to version 220.127.116.11. The company also updated Flash Player for Linux to version 18.104.22.1685. These software updates mitigate vulnerabilities that could potentially allow an attacker to take control of the affected system.
Affected software versions include: Adobe Flash Player 22.214.171.124 and earlier versions, Adobe Flash Player 126.96.36.1998 and earlier 13.x versions, and Adobe Flash Player 188.8.131.524 and earlier versions for Linux.
For Adobe Flash users who have not yet updated to version 184.108.40.206, Adobe’s security bulletin (APSB14-27) offered the following warning:
“Adobe is aware of reports that an exploit for CVE-2014-9163 exists in the wild…”
Users who have updated to version 220.127.116.11 are not affected by CVE-2014-9163.
These security updates address the following vulnerabilities, as described below:
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0587, CVE-2014-9164).
- These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-8443).
- These updates resolve a stack-based buffer overflow vulnerability that could lead to code execution (CVE-2014-9163).
- These updates resolve an information disclosure vulnerability (CVE-2014-9162).
- These updates resolve a vulnerability that could be exploited to circumvent the same-origin policy (CVE-2014-0580).
Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 18.104.22.168 immediately. Users of Adobe Flash Player for Linux should update to Adobe Flash Player 22.214.171.1245.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 126.96.36.199. Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 188.8.131.52.