Adobe on Tuesday released updates that address multiple security vulnerabilities across various versions of Adobe Flash Player running on Windows, Macintosh, Linux, and Android.
The security updates address critical vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system, though Adobe said it is not aware of any exploits in the wild for any of the issues being patched as part of today’s release.
Just over a week ago, Adobe issued a set of patches to address more than 20 security issues in Adobe Reader, Shockwave and Flash.
“Adobe just patched Flash on August 14th with APSB12-18 and releasing back to back updates does not bode well,” said Andrew Storms, nCircle’s director of security operations. “You have to ask yourself why these bug fixes were not included in last week’s release. The real head scratcher is timing, what is going on with the planning and release management program at Adobe to warrant this?”
“My interpretation is that last week’s release was an out-of-band emergency fix to address a specific vulnerability that was being abused in the wild and that could not be integrated with this bigger release,” opined Wolfgang Kandek, CTO of Qualys. “Last week’s release effectively pushed out the date for this bigger release, probably due to scheduling and resource conflicts.”
In Adobe’s security bulletin (APSB12-19) they recommend users update their product installations to the latest versions:
• Users of Adobe Flash Player 11.3.300.271 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.4.402.265.
• Users of Adobe Flash Player 11.2.202.236 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.238.
• Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.3.31.230 for Windows and Linux, and Flash Player 11.4.402.265 for Macintosh.
• Users of Adobe Flash Player 11.1.115.11 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.17.
• Users of Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.16.
• Users of Adobe AIR 3.3.0.3670 for Windows and Macintosh should update to Adobe AIR 3.4.0.2540.
• Users of the Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) should update to the Adobe AIR 3.4.0.2540 SDK.
• Users of the Adobe AIR 3.3.0.3650 and earlier versions for Android should update to the Adobe AIR 3.4.0.2540.
Affected Software versions
• Adobe Flash Player 11.3.300.271 and earlier versions for Windows, Macintosh and Linux operating systems
• Adobe Flash Player 11.1.115.11 and earlier versions for Android 4.x
• Adobe Flash Player 11.1.111.10 and earlier versions for Android 3.x and 2.x
• Adobe AIR 3.3.0.3670 and earlier versions for Windows and Macintosh
• Adobe AIR 3.3.0.3690 SDK (includes AIR for iOS) and earlier versions
• Adobe AIR 3.3.0.3650 and earlier versions for Android
Adobe credited several individuals for reporting issues addressed in the release, including Xu Liu of Fortinet’s FortiGuard Labs, Will Dormann of CERT, Honggang Ren of Fortinet’s FortiGuard Labs, Alexander Gavrun through iDefense’s Vulnerability Contributor Program, and Claudio Santambrogio of Opera Software.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
- NetRise Adds $8 Million in Funding to Grow XIoT Security Platform
- Virtual Event Today: Zero Trust Strategies Summit
- Virtual Event Tomorrow: Zero Trust Strategies Summit
- Watch: How to Build Resilience Against Emerging Cyber Threats
- Video: How to Build Resilience Against Emerging Cyber Threats
- Webinar Today: Understanding Hidden Third-Party Identity Access Risks
Latest News
- OpenAI Unveils Million-Dollar Cybersecurity Grant Program
- Galvanick Banks $10 Million for Industrial XDR Technology
- Information of 2.5M People Stolen in Ransomware Attack at Massachusetts Health Insurer
- US, South Korea Detail North Korea’s Social Engineering Techniques
- High-Severity Vulnerabilities Patched in Splunk Enterprise
- Idaho Hospitals Working to Resume Full Operations After Cyberattack
- Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals
- Apple Denies Helping US Government Hack Russian iPhones
