Lucian Constantin
CSO Senior Writer

Adobe patches 28 critical vulnerabilities in Flash Player, Reader, and Acrobat

Jan 9, 2013

One critical security vulnerability was fixed in Flash Player and 27 in Adobe Reader and Acrobat

Adobe Systems released new versions of Flash Player, Adobe Reader, and Adobe Acrobat on Tuesday in order to address a total of 28 critical security vulnerabilities in the software products.

The newly released Flash Player versions are: Flash Player 11.5.502.146 for Windows and Mac, Flash Player 11.2.202.261 for Linux, Flash Player 11.1.115.36 for Android 4.x, and Flash Player 11.1.111.31 for Android 3.x and earlier versions.

“These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in a security advisory.

The Flash Player plug-ins that come bundled with Google Chrome and Internet Explorer 10 for Windows 8 will automatically be updated by Google and Microsoft through their respective update mechanisms.

The company also released version 3.5.0.1060 of its Adobe AIR Internet application runtime system, because the software includes Flash Player and was affected by the same vulnerability.

Adobe also released updates for all supported editions of Adobe Reader and Acrobat in order to fix 27 vulnerabilities found in the products. With the exception of three vulnerabilities — a privilege escalation and two security bypasses — all other flaws could potentially be exploited to execute arbitrary code.

Users of Adobe Reader and Acrobat XI (11.x) should upgrade to the newly released Adobe Reader and Acrobat version 11.0.1, users of Adobe Reader and Acrobat X (10.x) should upgrade to version 10.1.5, and users of the older Adobe Reader and Acrobat 9.x should upgrade to version 9.5.3, the company said in a security advisory.

“Adobe is not aware of any exploits or attacks in the wild targeting any of the issues addressed in these updates,” Wiebke Lips, Adobe’s senior manager for corporate communications, said via email.
