Adobe Systems has issued security updates for Adobe Flash Player for Mac and Windows, updating Flash Player to version 184.108.40.206. The company also updated Flash Player for Linux to version 220.127.116.115. These software updates mitigate vulnerabilities that could potentially allow an attacker to take control of the affected system.
Affected software versions include: Adobe Flash Player 18.104.22.168 and earlier versions, Adobe Flash Player 22.214.171.1248 and earlier 13.x versions, and Adobe Flash Player 126.96.36.1994 and earlier versions for Linux.
For Adobe Flash users who have not yet updated to version 188.8.131.52, Adobe’s security bulletin (APSB14-27) offered the following warning:
“Adobe is aware of reports that an exploit for CVE-2014-9163 exists in the wild…”
Users who have updated to version 184.108.40.206 are not affected by CVE-2014-9163.
These security updates address the following vulnerabilities, as described below:
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0587, CVE-2014-9164).
- These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-8443).
- These updates resolve a stack-based buffer overflow vulnerability that could lead to code execution (CVE-2014-9163).
- These updates resolve an information disclosure vulnerability (CVE-2014-9162).
- These updates resolve a vulnerability that could be exploited to circumvent the same-origin policy (CVE-2014-0580).
Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 220.127.116.11 immediately. Users of Adobe Flash Player for Linux should update to Adobe Flash Player 18.104.22.1685.
Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 22.214.171.124. Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 126.96.36.199.