Popular Topics

Topics

About

Policies

Our Network

More

Lucian Constantin
by
CSO Senior Writer

Adobe issues critical security updates for Flash Player, Reader and Shockwave Player

news
Sep 11, 20132 mins

The new updates address vulnerabilities that could allow attackers to compromise computers

Adobe released security updates for Flash Player, Adobe Reader and Shockwave Player on Tuesday to address critical vulnerabilities that could allow attackers to take control of systems running vulnerable versions of those programs.

The Flash Player updates address four memory corruption vulnerabilities that can lead to arbitrary code execution. The updates are version numbers 11.8.800.168 for Windows and Mac OS X; 11.2.202.310 for Linux; 11.1.115.81 for Android 4.x; and 11.1.111.73 for Android 3.x and 2.x.

[ InfoWorld’s expert contributors show you how to secure your Web browsers in a free PDF guide. Download it today! | Learn how to protect your systems with Roger Grimes’ Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

Users of Google Chrome and Internet Explorer 10 on Windows 8 will automatically receive updates for the Flash Player plug-in bundled with those browsers through their respective update mechanisms.

The same Flash Player vulnerabilities were patched in Adobe AIR, a runtime for rich Internet applications that also bundles Flash Player. Adobe released version 3.8.0.1430 of AIR and AIR SDK (software development kit) for Windows, Mac OS X and Android.

New versions of Adobe Reader and Adobe Acrobat XI and X were released to address eight arbitrary code execution vulnerabilities: three memory corruption issues, two buffer overflows, two integer overflows and one stack overflow.

Users of Adobe Reader or Acrobat XI for Windows and Mac OS X are advised to upgrade to Adobe Reader XI (11.0.04) or Adobe Acrobat XI (11.0.04), respectively. Adobe Reader and Acrobat X for Windows and Mac have also been updated to version 10.1.8.

Adobe’s Shockwave Player, an application required to display online content created with Adobe’s Director software was updated to version 12.0.4.144 for Windows and Mac to address two memory corruption vulnerabilities that can lead to arbitrary code execution.

While not as popular as Flash Player, Shockwave Player is installed on 450 million Internet-enabled desktops, according to statistics from Adobe, which potentially makes it an attractive target for attackers.

Patch Management SoftwareApplication Security
Lucian Constantin
by
CSO Senior Writer

Lucian Constantin writes about information security, privacy, and data protection for CSO. Before joining CSO in 2019, Lucian was a freelance writer for VICE Motherboard, Security Boulevard, Forbes, and The New Stack. Earlier in his career, he was an information security correspondent for the IDG News Service and Information security news editor for Softpedia.

Before he became a journalist, Lucian worked as a system and network administrator. He enjoys attending security conferences and delving into interesting research papers. He lives and works in Romania.

You can reach him at lucian_constantin@foundryco.com or @lconstantin on X. For encrypted email, his PGP key's fingerprint is: 7A66 4901 5CDA 844E 8C6D 04D5 2BB4 6332 FC52 6D42

More from this author

Show me more

news

Databricks pitches Lakewatch as a cheaper SIEM — but is it really?

By Anirban Ghoshal
4 mins
AnalyticsSecurity Information and Event Management SoftwareSecurity Software
Image
news

Google targets AI inference bottlenecks with TurboQuant

By Prasanth Aby Thomas
4 mins
Artificial IntelligenceDevelopment ApproachesSoftware Development
Image
how-to

Basic and advanced Java serialization

By Rafael del Nero
18 mins
JavaProgramming LanguagesSoftware Development
Image
video

How to run your own little local Claude Code (sort of!)

7 mins
Python
Image
video

How to build desktop apps in Typescript with Electrobun

5 mins
Python
Image
video

Write and run assembly in Python with Copapy

5 mins
Python
Image