Adobe releases patches for Flash Player and Shockwave Player
The new updates address 19 critical vulnerabilities
IDG News Service - Adobe released security updates for Flash Player and Shockwave Player on Tuesday in order to address a total of 19 vulnerabilities affecting the two products.
New stand-alone versions of Flash Player 11 were released for Windows, Mac, Linux and Android. The Flash Player plug-ins bundled with Google Chrome and Internet Explorer 10 will be automatically updated through the update mechanisms of the two browsers.
The new Flash Player versions patch 17 vulnerabilities, 16 of which are critical and can result in remote code execution. These vulnerabilities "could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security advisory. The other vulnerability could result in information disclosure.
New versions of Flash Player 10 have also been released for Windows, Mac and Linux in order to accommodate users who, for whatever reason, cannot upgrade to Flash Player 11.
Adobe AIR, a cross-platform runtime system for rich Internet applications, and the Adobe AIR SDK (Software Development Kit) have also received updates because they bundle Flash Player.
Adobe has a list of the new Flash Player and Adobe AIR version numbers for each specific platform in the "Solution" section of its APSB13-05 security advisory.
Adobe Shockwave Player, which is required for displaying some online content such as 3D games, product demonstrations, simulations and e-learning courses created with Adobe's Director software, has been updated to version 126.96.36.199 for the Windows and Mac platforms. The new version addresses two critical vulnerabilities that could allow attackers to run malicious code on the underlying systems.
Shockwave Player is not as popular as Flash Player, but according to Adobe, it still has a user base of more than 450 million.
The patches released Tuesday follow Adobe's new security update cycle. Back in November, the company announced that it will align its releases of Flash Player security updates with Microsoft's Patch Tuesday schedule, which sees security patches released on the second Tuesday of every month.
However, Adobe was forced to break out of this schedule last Thursday when it released an emergency update for Flash Player in order to address two actively exploited vulnerabilities.
Adobe is not aware of any exploits or attacks in the wild that target any of the issues addressed in the new Flash Player or Shockwave Player updates, said Heather Edell, senior manager of corporate communications at Adobe, in an email message on Tuesday.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts