Adobe Fixes Flash Bugs

Wednesday, October 15, 2014 @ 04:10 PM gHale

Adobe released an update for Flash Player, mitigating three vulnerabilities which could end up running arbitrary code on a system.

Adobe marked all the flaws as “critical,” the highest severity rating, which means that applying the fix should be a priority for everyone.

Patch Tuesday Fixes 3 Zero Days
Chrome 38 Fixes 159 Security Bugs
Patch Tuesday: IE Zero Day Fixed
Chrome Update Brings 50 Security Fixes

Two of the vulnerabilities addressed consist of memory corruption bugs and could allow a potential attacker to execute native code remotely. The discovery of these issues comes from Ian Beer from Google’s Project Zero (CVE-2014-0558) and to Wen Guangxing from Venustech ADLAB (CVE-2014-0564).

A third glitch removed by the latest Flash Player update refers to an integer overflow vulnerability (CVE-2014-056), and is attributed to Bilou from HP’s Zero Day Initiative.

Users should install the new version to avoid a potential risk of attackers taking advantage.

In Google Chrome, the latest version of the player automatically installs through the browser update mechanism. With Internet Explorer, the process is automatic too, but the new version comes through Windows Updates.

Adobe Flash Player includes an option for applying the updates automatically, as soon as they become available. Another way to learn about a fresh release is to turn on the notification feature that alerts of new content from the developer being available.

Leave a Reply

You must be logged in to post a comment.