SecurityWeek

Vulnerabilities

Adobe Patches Critical Vulnerabilities in Flash Player

Adobe released a regularly-scheduled update for Flash Player addressing four critical vulnerabilities on Tuesday.

The patch addressed four critical vulnerabilities that affect Flash for Windows, Mac OS X, Linux, and older versions of Android, as well as Adobe AIR, Adobe said in its security bulletin. The vulnerabilities—integer overflow, use-after-free, memory corruption, and a heap buffer overflow—if exploited, could cause a crash and potentially allow the attacker to take control of the affected system, Adobe said.

Adobe credited members of the Google Security Team for reporting the heap buffer overflow and memory corruption vulnerabilities. The integer overflow bug came via an anonymous tip through iDefense’s Vulnerability Contributor Program, and Attila Suszter found the use-after-free flaw.

“Adobe is not aware of any exploits or attacks in the wild for any of the issues addressed in this update,” the company said in the advisory.

Affected platforms include Adobe Flash Player 11.6.602.171 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.273 and earlier versions for Linux, Adobe Flash Player 11.1.115.47 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.43 and earlier versions for Android 3.x and 2.x. Users running Adobe AIR 3.6.0.597 and earlier on Windows and Mac OS X, the 3.6.0.597 SDK and AIR 3.6.0.599 SDK and Compiler, and AIR 3.6.0.597 for Android should also update the software, according to the advisory.

The Windows and Mac OS X patches are available from Adobe’s Flash Player Download Center. Google will push out an update for its Chrome Web browser with the fixed Flash Player and Microsoft will address the integrated Flash in Internet Explorer 10 for Windows 8. Android users should go to either Google Play or Amazon Marketplace for the latest updates.

The Flash update for Windows has an overall priority of 1, which means the vulnerabilities have a higher risk of being targeted and should be patched within 7 hours. Mac OS X is ranked 2, meaning there is “elevated risk” but exploits are not imminent.

Adobe recommends installing the update within 30 days. The Flash updates for Linux and Android as well as the AIR update for Windows and Mac OS X are rated 3 so administrators should “install the update at their discretion,” according to Adobe.

Adobe released the bulletins hours before Microsoft is scheduled to release seven bulletins addressing vulnerabilities in Microsoft Silverlight, Internet Explorer, Microsoft Office, Microsoft Server Software, and Microsoft Windows for the March Patch Tuesday release.
