Adobe Fixes 4 Flash Vulnerabilities

Thursday, April 10, 2014 @ 06:04 PM gHale

Adobe updated Flash Player to address four security holes.

Windows and Mac users should update their installations to version, while Linux users should update to

Adobe Patches Shockwave Player
Adobe Updates Flash Player
Adobe Patches Shockwave
IE Leads Patch Tuesday Fixes

Google Chrome, Internet Explorer 10 and Internet Explorer 11 installations automatically update.

The first vulnerability addressed with the release of Adobe Flash Player refers to a use-after-free bug that could end exploited for arbitrary code execution.

This vulnerability came to Adobe via VUPEN at the Pwn2Own competition that took place alongside the CanSecWest security conference.

The second flaw is a buffer overflow that could also result in code execution. This issue, also disclosed at Pwn2Own 2014, came via Zeguang Zhao and Liang Chen.

According to the description on NIST’s National Vulnerability Database, the bug “allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors.”

The updates also address a security bypass vulnerability that could lead to information disclosure, Adobe said.

Finally, a cross-site scripting (XSS) vulnerability also received a patch. Masato Kinugawa disclosed the XSS vulnerability.

Some of the vulnerabilities are critical because an attacker could exploit them to take control of the impacted system.

There’s no evidence that these security holes are under attack, but user should apply the updates as soon as possible.

Leave a Reply

You must be logged in to post a comment.