Security & Privacy + Security News

Adobe Flash Player Update Fixes Three Security Flaws

Posted on October 15th, 2014 by

adobe-patched-headerAdobe Systems has issued security updates for Adobe Flash Player for Mac and Windows, updating its software to version 15.0.0.189. These updates patch three critical security flaws that could lead to remote code execution.

Affected software versions include: Adobe Flash Player 15.0.0.167 and earlier versions for Mac and Windows, Adobe Flash Player 13.0.0.244 and earlier 13.x versions, Adobe Flash Player 11.2.202.406 and earlier versions for Linux, Adobe AIR desktop runtime 15.0.0.249 and earlier versions, and Adobe AIR 15.0.0.252 and earlier versions for Android.

Adobe security bulletin (APSB14-22) describes the three flaws resolved in these updates as follows:

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2014-0564, CVE-2014-0558).
  • These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2014-0569).

Users of Adobe Flash Player 15.0.0.167 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 15.0.0.189 (14.9 MB) as soon as possible. Users of Adobe Flash Player 13.0.0.244 and earlier 13.x versions should update to Adobe Flash Player 13.0.0.250. Users of Adobe Flash Player 11.2.202.406 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.411.

Adobe Flash Player installed with Google Chrome, Internet Explorer (IE) 10 and IE 11 will be automatically updated to the current version. Users of Adobe AIR desktop runtime 15.0.0.249 and earlier versions should update to version 15.0.0.293; similarly, users of Adobe AIR for Android should also update to Adobe AIR 15.0.0.293 (24.7 MB).