Adobe today released an updated Flash Player that patched a dozen vulnerabilities, and also announced that a scheduled security update for Reader and Acrobat has been postponed to the week of Sept. 15.
Today’s release, which coincides with Microsoft’s monthly scheduled security updates, patches numerous remotely exploitable vulnerabilities in Flash Player for Windows, Macintosh and Linux operating systems.
None of the bugs are being exploited in the wild, Adobe said.
Affected versions of Flash Player are:
- Adobe Flash Player 22.214.171.124 and earlier versions
- Adobe Flash Player 126.96.36.199 and earlier 13.x versions
- Adobe Flash Player 188.8.131.520 and earlier versions for Linux
- Adobe AIR desktop runtime 184.108.40.206 and earlier versions
- Adobe AIR SDK 220.127.116.11 and earlier versions
- Adobe AIR SDK & Compiler 18.104.22.168 and earlier versions
- Adobe AIR 22.214.171.124 and earlier versions for Android
Adobe has given its highest criticality rating for Flash Player 14 running on Windows, Mac, Linux and Internet Explorer 10 for Windows 8. Flash Player 11 for Linux and Adobe Air for all platforms were given a lower criticality rating and administrators can update at their discretion, Adobe said.
The critical bugs enabling remote code execution exploit for the most part memory issues, including a memory leakage issue that could allow an attacker to bypass address space layout randomization (ASLR). Another six CVEs address memory corruption vulnerabilities that lead to code execution, as well as a use-after-free vulnerability, security-bypass vulnerability, a heap buffer overflow and another bug that allows a hacker to bypass the same origin policy.
Adobe had also planned to release new versions of Adobe Acrobat and Reader, but decided to reschedule its release to next week.
“This delay was necessary to address issues identified during routine regression testing,” Adobe said.
The update reportedly addresses critical vulnerabilities in Adobe Reader XI (11.0.08) and earlier versions for Windows and Macintosh, Adobe Reader X (10.1.10) and earlier versions for Windows and Macintosh, Adobe Acrobat XI (11.0.08) and earlier versions for Windows and Macintosh, and Adobe Acrobat X (10.1.10) and earlier versions for Windows and Macintosh.
This article was corrected to reflect that the updated Adobe patch will be available the week of Sept. 15.