Security News

Adobe Flash Player Turns 16, Fixes Multiple Security Holes

Posted on December 9th, 2014 by

adobe-patched-headerAdobe Systems has issued security updates for Adobe Flash Player for Mac and Windows, updating Flash Player to version 16.0.0.235. The company also updated Flash Player for Linux to version 11.2.202.425. These software updates mitigate vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected software versions include: Adobe Flash Player 15.0.0.242 and earlier versions, Adobe Flash Player 13.0.0.258 and earlier 13.x versions, and Adobe Flash Player 11.2.202.424 and earlier versions for Linux.

For Adobe Flash users who have not yet updated to version 15.0.0.246, Adobe’s security bulletin (APSB14-27) offered the following warning:

“Adobe is aware of reports that an exploit for CVE-2014-9163 exists in the wild…”

Users who have updated to version 15.0.0.246 are not affected by CVE-2014-9163.

These security updates address the following vulnerabilities, as described below:

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0587, CVE-2014-9164).
  • These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2014-8443).
  • These updates resolve a stack-based buffer overflow vulnerability that could lead to code execution (CVE-2014-9163).
  • These updates resolve an information disclosure vulnerability (CVE-2014-9162).
  • These updates resolve a vulnerability that could be exploited to circumvent the same-origin policy (CVE-2014-0580).

Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 16.0.0.235 immediately. Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.425.

Adobe Flash Player installed with Google Chrome will be automatically updated to the latest Google Chrome version, which will include Adobe Flash Player 16.0.0.235. Adobe Flash Player installed with Internet Explorer for Windows 8.x will be automatically updated to the latest version, which will include Adobe Flash Player 16.0.0.235.