Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Adobe Fixes 12 Vulnerabilities With Release of Flash Player 15

Adobe Flash Player 15.0.0.152, released on Tuesday, addresses a total of 12 security vulnerabilities, many of which could be exploited for code execution.

Adobe Flash Player 15.0.0.152, released on Tuesday, addresses a total of 12 security vulnerabilities, many of which could be exploited for code execution.

The flaws affect Flash Player 14.0.0.179 and earlier versions for Windows and Mac, Flash Player 13.0.0.241 and earlier 13.x versions, and Flash Player 11.2.202.400 and earlier versions for Linux.

The vulnerabilities fixed with this latest update have been assigned the CVE identifiers: CVE-2014-0547, CVE-2014-0548, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, CVE-2014-0553, CVE-2014-0554, CVE-2014-0555, CVE-2014-0556, CVE-2014-0557 and CVE-2014-0559.

CVE-2014-0557 is a memory leakage vulnerability that can be exploited to bypass memory address randomization. CVE-2014-0554 is a security bypass issue, and CVE-2014-0553 is a use-after-free flaw that could be leveraged for arbitrary code execution. Other vulnerabilities that could lead to code execution are the heap buffer overflows that have been assigned CVE-2014-0556 and CVE-2014-0559.

CVE-2014-0548 is a flaw that can be exploited to bypass the same origin policy. The rest of the issues addressed in Flash Player 15 are memory corruption issues that could lead to code execution.

Eight of the vulnerabilities have been reported to Adobe by Chris Evans of Google Project Zero, Michal Zalewski of the Google Security Team also being credited for one of them. Other researchers who have contributed to making Flash Player more secure are Masato Kinugawa, Liu Jincheng and Wen Guanxing from Venustech ADLAB, Bas Venis, and Lucas Leong of Trend Micro.

Most of the Flash Player updates have been rated as critical, which indicates that they address vulnerabilities that are being exploited, or ones that have a high risk of being exploited in the wild.

Adobe has also released version 15 of the cross-platform run-time system Adobe Integrated Runtime (Adobe AIR). The company is advising Adobe AIR desktop runtime, SDK, and SDK and Compiler customers to update their installations to version 15.0.0.249. Adobe AIR for Android users should update to version 15.0.0.252.

Adobe Reader and Acrobat security updates will be released only next week. They were originally set to be released on Tuesday, but the company was forced to reschedule them due to some issues identified during routine regression testing.

On the other hand, Microsoft patched its products as planned. The company has addressed a total of 42 vulnerabilities affecting Windows, Internet Explorer, the .NET framework, and Lync Server.

 

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Vulnerabilities

Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Vulnerabilities

Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.

Vulnerabilities

Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.